More than half of corporate instant messaging (IM) users ignore
security policies, while roughly 40% say it's their right to
disregard those policies.
But IM isn't the only application end users are downloading that
can wreak havoc.
According to a recent survey released by market research firm
NewDiligence and commissioned by security vendor FaceTime
Communications, applications such as IM, peer-to-peer (P2P), Skype
and other consumer VoIP services, and Web conferencing are
affecting the network now more than ever, costing companies up to
$130,000 per year to quell security incidents caused by the
unsanctioned apps.
The study, which asked 1,100 end users and IT professionals
about their use and management of greynets -- real-time
communications apps such as IM, P2P, Skype and Web conferencing
that are introduced by end users and use evasive techniques to
traverse the network -- found that employees are downloading and
using unsanctioned applications to gain new business productivity
advantages, while IT managers confirm that these greynets continue
to be a massive danger, which -- if left unmanaged -- can introduce
huge risks.
According to FaceTime president and CEO Kailash Ambwani, the
difference in end-user and IT perspectives when it comes to greynets
poses a myriad of threats to network and information security
because greynets can act as vectors for malware, intellectual
property loss, identity theft and compliance risks.
Ambwani admits that greynets such as IM, Skype and Web
conferencing tools have legitimate business uses, but he said IT
needs visibility and control over those apps.
The survey found that more users are adopting and downloading
greynet applications, and there has been little progress in
combating the types of threats they introduce. Of those polled, 81%
of IT managers said they've experienced greynet-related attacks
within the last six months, roughly the same percentage that
reported attacks in the previous year's survey. The most common
attacks were from spyware and adware, 75%; viruses and worms, 57%;
other malware, 22%; and rootkits and keyloggers, 22%.
Moreover, repairing and remedying these attacks costs
average-size organizations nearly $130,000 per year, while the
largest enterprises spend upward of $350,000 per year in
greynet-related damage control.
The survey also found that four in 10 end users feel they have a
right to install greynets on their work computers, while more than
half of them, 53%, are at work locations where policies governing
IM and P2P usage are in place but disregarded.
Instant messaging is still the dominant greynet in use, according
to the survey. Overall, 70% of end-user respondents said they have
sent personal IMs from work, while one in four admitted to sending
information about company plans, finances or passwords via IM. More
than 25% of end users said they use IM in order to have "private,
unmonitored communications," 45% of them adding that if they knew
their IMs were being monitored, they would pay more attention to
company guidelines, and 21% saying that they would pick their words
more carefully. Thirty-three percent of end users said they would
use IM less often if they knew it was being monitored, and 28% said
they would be more cautious about clicking links.
For IT managers, unauthorized use of greynets has boosted the
distribution of personal information and intellectual property, the
survey found. Twenty-two percent of IT managers said personal
information has been sent, while 19% found intellectual property
being spread via greynets. Also, about 75% of IT managers said
greynet use saps productivity.
Despite the potential for trouble, two-thirds of IT managers
recognize that applications such as IM and P2P have business
benefits if they're managed correctly. Of the IT managers polled,
20% said IM's benefits outweigh the risks.