Pragati Simlote

NEW DELHI: Imagine a situation where despite putting all security measure in place your company's secrets are being leaked.

The culprit could be instant messenger whilst an employee can send sensitive information about his company using Instant messenger (IM) attachments.

IM attachments - as they are not screened by network security systems can pose a high risk, whilst the IM message carrying them can be harmless.

Use of IM as a communication tool is rising rapidly in the organizations. Research firm Radicati has predicted that the number of worldwide IM accounts will increase from 944 million in 2006 to over 1.4 billion in 2010.

Instead of being simply a tool for instant message delivery, IM is now even evolving into a platform that can be a front-end for enterprise applications. The research group Gartner has described instant messaging as 'the sleeping giant of the Internet,' and predicted that the majority of employees will eventually use it for business or personal communication.

In the next few years, IDC expects instant messaging -- once the plaything of teenagers -- to continue to grow into its role as a substantial business collaboration application.

“More than 28 million business users worldwide used enterprise instant messaging products to send nearly one billion messages each day in 2005,” according to IDC analyst Robert Mahowald.

Apart from cost benefits, IMs also promote collaboration and community building among employees, partners, and customers, which can result in significant business benefits.

Despite such benefits, however, many organizations are hesitant to adopt IM because of the threats and inefficiencies that unmanaged IM usage can introduce. The use of non-regulated IM tools to share files poses a serious security threat to organizations.

In a 2005 Websense survey, 74 per cent of IT managers across India had said their employees have received phishing attacks via e-mail or instant messaging on their office PCs.

IM applications are inherently vulnerable to viruses, worms, and Trojan horses. The irony is that while corporate IT departments have spent millions of pounds and many man-hours securing their email systems, most have barely begun to address the risk of virus, worm or malicious code attack through their employees' use of IM.

According to virus and intrusion prevention solutions provider PandaLabs' director Luis Corrons, “The dynamic of malware is changing rapidly. Unlike the typical malicious code attacks, which aim to affect as many systems as possible, targeted attacks focus on a specific user. Typical examples include cyber-crooks who use instant messaging to gain the trust of potential victims before sending them infected files.”

The gravity of the situation can be understood by looking at these figures. A Websense survey recently found that while 62 per cent of organizations have secured themselves against potential email threats, protection against IM and P2P systems simply takes a lower priority. In a poll of more than 100 enterprises, only 11 per cent reported having IM solutions in place, compared to 73 per cent with email. Fifty per cent of correspondents said they hadn't even considered an IM solution.

One simple solution to prevent information leak through IMs is to disallow its use completely. But in companies where IM communication is part of the corporate culture and presents significant business advantages, organizations need a more flexible solution.

To address these concerns, organizations need the ability to set and enforce policies for IM use within their organizations. Organizations facing a growing number of risks associated with employee use of instant messaging applications should consider implementing an IM security solution that defends against these risks. Various security vendors have come out with IM security solutions. These include Websense, Trend Micro, CipherTrust, Akonix Systems, Symantec, etc. Other vendors waiting to enter this market include MessageLabs, IronPort, etc.

Earlier this year McAfee, provider of intrusion prevention and security risk management solutions, had partnered with Paltalk, the largest instant chat (IC) community on the Internet, to offer McAfee security products to users of the latest release of the Paltalk Messenger, called Version 8.3.

"As Internet communication evolves and increasingly complex threats emerge, McAfee is continually extending and innovating its protection to secure consumers at every turn -- especially in the popular realm of instant messaging. This relationship with Paltalk is a chance for us to provide comprehensive protection to millions of additional instant messaging customers who could otherwise be at risk," said Todd Gebhart, senior vice-president of worldwide consumer and mobile sales at McAfee.

© CyberMedia News