Pragati Simlote
NEW DELHI: Imagine a situation where despite putting all security measure in
place your company's secrets are being leaked.
The culprit could be instant messenger whilst an employee can send sensitive
information about his company using
Instant messenger (IM) attachments.
IM attachments - as they are not screened by network security systems can pose a
high risk, whilst the IM message carrying them can be harmless.
Use of IM as a communication tool is rising rapidly in the organizations.
Research firm Radicati has predicted that the number of worldwide IM accounts
will increase from 944 million in 2006 to over 1.4 billion in 2010.
Instead of being simply a tool for instant message delivery, IM is now even
evolving into a platform that can be a front-end for
enterprise applications. The research group Gartner has described instant
messaging as 'the sleeping giant of the Internet,' and predicted that the
majority of employees will eventually use it for business or personal
communication.
In the next few years, IDC expects instant messaging -- once the plaything of
teenagers -- to continue to grow into its role as a substantial business
collaboration application.
“More than 28 million business users worldwide used enterprise instant messaging
products to send nearly one billion messages each day in 2005,” according to IDC
analyst Robert Mahowald.
Apart from cost benefits, IMs also promote collaboration and community building
among employees, partners, and customers, which can result in significant
business benefits.
Despite such benefits, however, many organizations are hesitant to adopt IM
because of the threats and inefficiencies that unmanaged IM usage can introduce.
The use of non-regulated IM tools to share files poses a serious security threat
to organizations.
In a 2005 Websense survey, 74 per cent of IT managers across India had said
their employees have received
phishing
attacks via e-mail or instant messaging on their office PCs.
IM applications are inherently vulnerable to
viruses, worms,
and Trojan horses. The irony is that while corporate IT departments have
spent millions of pounds and many man-hours securing their email systems, most
have barely begun to address the risk of virus, worm or malicious code attack
through their employees' use of IM.
According to virus and
intrusion prevention solutions provider PandaLabs' director Luis Corrons,
“The dynamic of malware is changing rapidly. Unlike the typical malicious code
attacks, which aim to affect as many systems as possible, targeted attacks focus
on a specific user. Typical examples include cyber-crooks who use instant
messaging to gain the trust of potential victims before sending them infected
files.”
The gravity of the situation can be understood by looking at these figures. A
Websense survey recently found that while 62 per cent of organizations have
secured themselves against potential email threats, protection against IM and
P2P systems simply takes a lower priority. In a poll of more than 100
enterprises, only 11 per cent reported having IM solutions in place, compared to
73 per cent with email. Fifty per cent of correspondents said they hadn't even
considered an IM solution.
One simple solution to prevent information leak through IMs is to disallow its
use completely. But in companies where IM communication is part of the corporate
culture and presents significant business advantages, organizations need a more
flexible solution.
To address these concerns, organizations need the ability to set and enforce
policies for IM use within their organizations. Organizations facing a growing
number of risks associated with employee use of instant messaging applications
should consider implementing an IM security solution that defends against these
risks. Various security vendors have come out with IM security solutions. These
include Websense, Trend Micro, CipherTrust, Akonix Systems, Symantec, etc. Other
vendors waiting to enter this market include MessageLabs,
IronPort, etc.
Earlier this year
McAfee, provider of intrusion prevention and security risk management
solutions, had partnered with Paltalk, the largest instant chat (IC) community
on the Internet, to offer McAfee security products to users of the latest
release of the Paltalk Messenger, called Version 8.3.
"As Internet communication evolves and increasingly complex threats emerge,
McAfee is continually extending and innovating its protection to secure
consumers at every turn -- especially in the popular realm of instant messaging.
This relationship with Paltalk is a chance for us to provide comprehensive
protection to millions of additional instant messaging customers who could
otherwise be at risk," said Todd Gebhart, senior vice-president of worldwide
consumer and mobile sales at McAfee.
© CyberMedia News
How safe are IMs?
New Update