|
Enterprises need to implement better strategies to protect themselves from instant messaging (IM) security attacks, according to Gartner. IM threats -- typically viruses -- increase with IM use and exposure to IM-related social engineering tactics, such as unsolicited IM messages from compromised buddies. Gartner analysts advocate adopting IM security and management strategies similar to those in place for enterprise email.
Gartner analysts said IT administrators who do not manage and protect public IM will experience 80 percent more IM-related security incidents than those that do.
"IT organizations must keep this threat in context and balance it against the productivity benefits of IM," said Peter Firstbrook, research director for Gartner's Information Security and Privacy research group. "Employees report benefiting from faster decisions, higher productivity and lower telecommunications costs when they use IM. However, organizations must plan for and build a strategy for IM management and security, much like they have for e-mail."
Gartner analysts identified a number of risks of uncontrolled IM including:
- Lack of regulatory compliance involving records retention, communications limitations between employees and auditing of communications, among others
- Lack of universal encryption or widespread use of encryption can result in confidential or secret data being exposed in IM communications
- Lack of records or universal naming conventions can result in disputes over what was communicated and with whom, when business deals are conducted over IM networks.
- Lack of visibility into IM usage can result in noncompliance with acceptable usage of enterprise assets, such as transfer of pornography, or salacious messages, and playing multiplayer games.
"Unsolicited IM advertising messages, usually driven by compromised buddies, are beginning to appear and grow. Lack of visibility and control means that IT cannot manage the use of IM or enforce safe policies," said Mr. Firstbrook. "As with the Web, IM can be a productivity improver and a time waster. Lack of visibility makes it difficult to ascertain what is happening."
IM viruses are transmitted in two ways -- as executable file attachments or as hyperlinks in IM text directing victims to malicious Web servers. In most cases, viruses are not automatically executed. Rather, they exploit social engineering tactics and an unjustified trust in IM buddy lists to convince victims to open unknown files or click on links.
"Dedicated IM hygiene products are the best way to protect and manage IM usage -- though simply filtering active URL hyperlinks and all file attachments will be effective at eliminating 90 percent of IM viruses, and many of these threats will be detected by desktop antivirus products," said Mr. Firstbrook. "Training end users to be more skeptical of instant messages, even those from their buddy lists, should also be part of an overall strategy. Finally, the usual precautions of rapid patching, antivirus software and personal firewalls remain effective against IM threats."
|