IM, Skype, P2P open security holes: Survey

But IM isn't the only application end users are downloading that can wreak havoc.

According to a recent survey released by market research firm NewDiligence and commissioned by security vendor FaceTime Communications, applications such as IM, peer-to-peer (P2P), Skype and other consumer VoIP services, and Web conferencing are affecting the network now more than ever, costing companies up to $130,000 per year to quell security incidents caused by the unsanctioned apps.

The study, which asked 1,100 end users and IT professionals about their use and management of greynets -- real-time communications apps such as IM, P2P, Skype and Web conferencing that are introduced by end users and use evasive techniques to traverse the network – found that employees are downloading and using unsanctioned applications to gain new business productivity advantages, while IT managers confirm that these greynets continue to be a massive danger, which -- if left unmanaged -- can introduce huge risks.

According to FaceTime president and CEO Kailash Ambwani, the difference in end-user and IT perspectives when it comes to greynet poses a myriad of threats to network and information security because they can act as vectors for malware, intellectual property loss, identity theft and compliance risks.

Ambwani admits that greynets such as IM, Skype and Web conferencing tools have legitimate business uses, but he said IT needs visibility and control over those apps.

The survey found that more users are adopting and downloading greynet applications, and there has been little progress in combating the types of threats they introduce. Of those polled, 81% of IT managers said they've experienced greynet-related attacks within the last six months, roughly the same percentage that reported attacks in the previous year's survey. The most common attacks were from spyware and adware, 75%; viruses and worms, 57%; other malware, 22%; and rootkits and keyloggers, 22%.

Moreover, repairing and remedying these attacks costs average-size organizations nearly $130,000 per year, while the largest enterprises spend upward of $350,000 per year in greynet-related damage control.

The survey also found that four in 10 end users feel they have a right to install greynets on their work computers, while more than half of them, 53%, are at work locations where policies governing IM and P2P usage are in place but disregarded.

For more information Read more about IM-related security concerns. Check out a story on VoIP security.

For IT managers, unauthorized use of greynets has boosted the distribution of personal information and intellectual property, the survey found. Twenty-two percent of IT managers said personal information has been sent, while 19% found intellectual property being spread via greynets. Also, about 75% of IT managers said greynet use saps productivity.

Despite the potential for trouble, two-thirds of IT managers recognize that applications such as IM and P2P have business benefits if they're managed correctly. Of the IT managers polled, 20% said IM's benefits outweigh the risks.