Advertisment
Tech

How safe are IMs?

author-image
CIOL Bureau
Updated On
New Update

Pragati Simlote






NEW DELHI: Imagine a situation where despite putting all security measure in
place your company's secrets are being leaked.






The culprit could be instant messenger whilst an employee can send sensitive
information about his company using



Instant messenger (IM) attachments.






IM attachments - as they are not screened by network security systems can pose a
high risk, whilst the IM message carrying them can be harmless.






Use of IM as a communication tool is rising rapidly in the organizations.
Research firm Radicati has predicted that the number of worldwide IM accounts

will increase from 944 million in 2006 to over 1.4 billion in 2010.






Instead of being simply a tool for instant message delivery, IM is now even
evolving into a platform that can be a front-end for



enterprise applications. The research group Gartner has described instant

messaging as 'the sleeping giant of the Internet,' and predicted that the

majority of employees will eventually use it for business or personal

communication.






In the next few years, IDC expects instant messaging -- once the plaything of
teenagers -- to continue to grow into its role as a substantial business

collaboration application.






“More than 28 million business users worldwide used enterprise instant messaging
products to send nearly one billion messages each day in 2005,” according to IDC

analyst Robert Mahowald.






Apart from cost benefits, IMs also promote collaboration and community building
among employees, partners, and customers, which can result in significant

business benefits.






Despite such benefits, however, many organizations are hesitant to adopt IM
because of the threats and inefficiencies that unmanaged IM usage can introduce.

The use of non-regulated IM tools to share files poses a serious security threat

to organizations.






In a 2005 Websense survey, 74 per cent of IT managers across India had said
their employees have received

phishing

attacks via e-mail or instant messaging on their office PCs.






IM applications are inherently vulnerable to
viruses, worms,

and Trojan horses. The irony is that while corporate IT departments have

spent millions of pounds and many man-hours securing their email systems, most

have barely begun to address the risk of virus, worm or malicious code attack

through their employees' use of IM.






According to virus and


intrusion prevention solutions provider PandaLabs' director Luis Corrons,

“The dynamic of malware is changing rapidly. Unlike the typical malicious code

attacks, which aim to affect as many systems as possible, targeted attacks focus

on a specific user. Typical examples include cyber-crooks who use instant

messaging to gain the trust of potential victims before sending them infected

files.”






The gravity of the situation can be understood by looking at these figures. A
Websense survey recently found that while 62 per cent of organizations have

secured themselves against potential email threats, protection against IM and

P2P systems simply takes a lower priority. In a poll of more than 100

enterprises, only 11 per cent reported having IM solutions in place, compared to

73 per cent with email. Fifty per cent of correspondents said they hadn't even

considered an IM solution.






One simple solution to prevent information leak through IMs is to disallow its
use completely. But in companies where IM communication is part of the corporate

culture and presents significant business advantages, organizations need a more

flexible solution.






To address these concerns, organizations need the ability to set and enforce
policies for IM use within their organizations. Organizations facing a growing

number of risks associated with employee use of instant messaging applications

should consider implementing an IM security solution that defends against these

risks. Various security vendors have come out with IM security solutions. These

include Websense, Trend Micro, CipherTrust, Akonix Systems, Symantec, etc. Other

vendors waiting to enter this market include MessageLabs,



IronPort, etc.






Earlier this year


McAfee, provider of intrusion prevention and security risk management

solutions, had partnered with Paltalk, the largest instant chat (IC) community

on the Internet, to offer McAfee security products to users of the latest

release of the Paltalk Messenger, called Version 8.3.






"As Internet communication evolves and increasingly complex threats emerge,
McAfee is continually extending and innovating its protection to secure

consumers at every turn -- especially in the popular realm of instant messaging.

This relationship with Paltalk is a chance for us to provide comprehensive

protection to millions of additional instant messaging customers who could

otherwise be at risk," said Todd Gebhart, senior vice-president of worldwide

consumer and mobile sales at McAfee.






© CyberMedia News


 



































tech-news