By Jack M. Germain E-Commerce Times
06/28/07 4:00 AM PT
A recent monthly Instant Messaging Threat Watch by security firm Akonix tracked 20 malicious code attacks over IM networks during the month of May, bringing the 2007 total to 170 threats. The number of security threats associated with unmanaged instant messaging during work hours is steadily increasing. On average, at least one IM attack occurs per day.
Increase Customer Sales with VerticalResponse Email Marketing! Quickly and easily send email newsletters, coupons & sales announcements to your customers – no technical expertise needed. Sign up for your Free Trial today and send 100 emails on us!
Instant messaging applications are easy targets for hackers taking advantage of vulnerabilities. It is critical for businesses to pay attention to their employees' use of instant messaging during work hours, warn security pros.
Failure to safeguard sensitive company data could expose corporate networks to intrusions from an growing variety of attack malware.
"Businesses are becoming exacerbated by IM threats. Despite compliance and content issues, most companies continue allowing workers to use consumer-based IM networks. Such use has steadily grown over the last five years," Maurene Caplan Grey, founder and principal analyst for Grey Consulting, told the E-Commerce Times.
The first part of this two-part series will look at what risks the unbridled use of consumer instant messaging apps can present to an enterprise.
Attacks Growing
A recent monthly Instant Messaging Threat Watch by security firm Akonix tracked 20 malicious code attacks over IM networks during the month of May, bringing the 2007 total to 170 threats.
The number of security threats associated with unmanaged instant messaging during work hours is steadily increasing. Akonix found a 73 percent increase in threats between 2006 and 2007. On average, at least one IM attack occurs per day.
Nearly half (46 percent) of the 171 respondents to a June 2007 Web poll by Akonix admit their primary use of instant messaging at work is for personal communications. Employees can unintentionally exchange infected files, such as vacation pictures and videos, with their friends, potentially spreading worms and viruses across corporate networks.
Same Pattern
Businesses are reacting to the use of IM in the office much as they did in the infancy of e-mail several years ago. People were using e-mail at home, but many workplaces did not provide e-mail accounts. People brought their personal e-mail accounts to the office.
"That caused a boom for spreading the Melissa and the I Love You viruses. That had pretty disastrous impact at work with e-mail. Now the same things are happening with IM," Don Montgomery, vice president of marketing at Akonix, told the E-Commerce Times.
The use of instant messaging in the workplace as a business tool has exploded in the last 18 to 24 months. This is the same pattern businesses displayed with e-mail, he said.
One reason that instant messaging is becoming so prominent on workers' desktop computers is its similarity to other established electronic communication over the Internet.
"IM is another way of communicating along with e-mail, text and voice. But IM is not exclusive like e-mail was thought to be," said Grey.
Similar Security Weakness
In much the same way they first eyed e-mail, many mainstream enterprise managers view instant messaging as being a huge time-waster for workers. However, many bosses tend to tolerate IM because of its popularity.
Some studies show that as many as 90 percent of all organizations use instant messaging. In addition, as much as 60 percent of e-mail users at work also use IM in the office, according to Michael Osterman, president of Osterman Research. He has been tracking the growth of IM in the workplace for the last two years.
"IM starts with a free product to bring informal adoption with no security," Osterman told the E-Commerce Times.
No specific research points to one consumer IM client being more of a corporate threat than others. In part, this is because there is no dominating market share in the IM space, he said.
Security Risks
Instant messaging poses risks to enterprise on three fronts. One risk category is the easy access for viruses, worms and spyware, Montgomery explained.
A second risk category is exposing the company to liability for inappropriate use. For example, workers can send offensive comments to fellow employees with speed faster than e-mail. Instant message conversations can also disclose sensitive corporate details, much the same as e-mail correspondence.
A third risk category instant messaging poses is the real possibility that the message content will violate regulatory compliance rules. Federal rules now require certain types of business activity to monitor and archive instant message and e-mail communications.
"Corporations are finally starting to wake up to all the security problems associated with IM," added Grey.
IT Responding
As business executives come to terms with IM security issues, some IT departments are starting to react to the unbridled used of consumer IM apps running on corporate networks. About 30 percent of enterprises are blocking its use, Osterman said.
However, blocking consumer IM may not be an effective strategy , he cautioned. Blocking the ports that IM clients use can also block legitimate Internet traffic as well.
A better approach might be implementing a corporate IM product or installing an IM auditor program to build in control and have IT regulate how employees use instant messaging.
"You can use such tools with rules to prevent file transfers or map workers' IM handles with their corporate e-mail addresses to present a consistent company image. The problems begin with workers using their own personal IM identities at work," explained Osterman.
Enterprise-Level IM
In fact, businesses are now starting to look at corporate-level IM applications, noted Grey. Vendors have been developing enterprise-level IM products for a while. However, their adoptions are slow because businesses have to decide to purchase a program instead of continuing to allow use of free IM clients.
Now, vendors are shifting their products to make instant messaging a component in a suite of communications tools rather than a stand-alone purchase. This is beginning to offer better protection options to corporations, according to Grey.
With vendors pushing a new product line, the new generation of messaging products now fits a new category. Unified communications is the term that has now become the new buzz work, Grey said.
"Each vendor has its own take off on how to get unified communications. IM is a key element to all offered solutions," she said. "Vendors are now pushing their own products together with tool sets to recreate what workers are already doing."
Beware of Online Shysters June 27, 2007
The illegal downloading and selling of items, such as music and videos, has been widely reported and continues to be a hot potato. "Some counterfeiters are so bold that they advertise movies that have not yet been released," said Andrew Horton, product management director at MarkMonitor.
Related Stories
Homeland Security Not So Secure June 20, 2007
A Congressional subcommittee learned that the U.S. Department of Homeland Security has experienced about 800 security breaches, many in the form of computer hacking. The DHS, an organization with hundreds of separate departments, possibly suffers from not having an overall plan to address security issues, according to Khalid Kark, senior analyst with Forrester Research.
Ethernet's New Security Layer June 19, 2007
"Only encryption can protect data itself -- and while IPSec (Layer 3) is still very common due to its flexibility, the technology is an overhead burden on the network," said Safenet's Andy Solterbeck. "IPSec encryption can create significant network bottlenecks, whereas Layer 2 encryption introduces virtually no latency or overhead to the network."
Security Testers Spot Bugs Galore on Windows Safari June 13, 2007
Mere hours after Apple rolled out the beta version of its Safari on Windows Web browser, security experts claimed to find it riddled with security holes, some of which were serious. Aside from the alleged flaws, Apple faces an uphill battle in putting its browser on the Windows desktop, which is already crowded with competitors like Firefox and Explorer.
More by Jack M. Germain
Yahoo Lets FOSS Community Drive Its Traffic Server November 04, 2009
Yahoo Traffic Server is an app server for builders of cloud services. The software package enables session management, authentication, configuration management, load balancing and routing for an entire cloud computing stack. Yahoo has now open sourced a version of the application through Apache.
Is AES Encryption Crackable? November 03, 2009
A team of researchers has discovered what they think could be a flaw that leaves AES encryption open to attack. The technique has only been shown in a theoretical setting; in practice, such a hack would be very difficult to pull off. Still, such a finding could bring into question the faith that's been placed in AES -- and spur new innovation to make encryption even better.
Windows 7 Is a Snooze October 29, 2009
It's accurate to say that Windows 7 straightens out some of the problems with Vista. Aside from that, though, there aren't a whole lot of standout reasons to upgrade to the new OS, especially if you're currently on XP or you honestly don't mind Vista. The new features that are present aren't quite worth the trouble to learn how to use, and if you happen to have even slightly old equipment, forget about it.
Headline Feeds
Talkback: 
