Beware of spies in the machine


While spyware is widely used to track the patterns of individual users' internet usage, there is an unexplored and more sinister side to the tracking technology that could pose a real threat to corporate security.

Hypothetically speaking, it could be used to commit acts of industrial espionage. If company A, for example, wants to know what ingredients company B uses in its rival product and where it sources them from, what is to prevent it using spyware to track the behaviour of employees in the supplies department of that organisation?

Opportunity for hackers

Spyware also presents politically or financially motivated hackers with an opportunity to bring a company to its knees. In the same way that advertisers can monitor how we use a website, the technology can be used to show hackers how a network is laid out and where confidential information is stored.

Added to this, there is a more real possibility of key-loggers stealing password information to access restricted areas of the network, and of information being leaked - or even used to hold the organisation to ransom.

It has not yet been used on any wide scale, but we should be mindful of the potential for spyware to propagate viruses and Trojans. These underlying threats mean that it is certainly not something that corporate businesses can afford to ignore.

But it is important to determine the extent to which this is a genuine threat, as just how much this technology can or will be used for these purposes is unclear. In any event, spyware can be incredibly difficult to build defence strategies against because it is so unpredictable - but there are some things that IT directors can do to mitigate the risks.

Controlling users' access to websites and downloads is crucial, as these are potential sources of spyware. Restricting web-based communication between client machines and servers known to host spyware is also advisable, as is tracking and reporting unusual web activity, which could indicate spyware application activity. As a further precaution, client-based detection and removal applications should be used to clear any infected devices.
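The web-activity checks described above, sketched as an added example that is not part of the original article: it matches web proxy records against a list of known spyware hosts and flags clients that contact one host at near-constant intervals. The log format, host names, addresses and thresholds are all constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed blocklist and proxy log (timestamp, client, host); every name is hypothetical.
BLOCKLIST = {"tracker.example"}
SAMPLE_LOG = """\
2024-01-15T09:00:10 10.0.0.7 ads.tracker.example
2024-01-15T09:01:00 10.0.0.9 updates.unknown.example
2024-01-15T09:03:00 10.0.0.5 news.example
2024-01-15T09:06:00 10.0.0.9 updates.unknown.example
2024-01-15T09:11:01 10.0.0.9 updates.unknown.example
2024-01-15T09:16:00 10.0.0.9 updates.unknown.example
2024-01-15T09:20:00 10.0.0.5 news.example
2024-01-15T09:22:30 10.0.0.5 news.example
2024-01-15T10:45:00 10.0.0.5 news.example
"""

def parse(log):
    """Yield (datetime, client, host); lines without three fields are skipped."""
    for line in log.splitlines():
        parts = line.split()
        if len(parts) == 3:
            yield datetime.fromisoformat(parts[0]), parts[1], parts[2].lower()

def on_blocklist(host, blocklist=BLOCKLIST):
    """True if the host or any parent domain is on the blocklist."""
    labels = host.split(".")
    return any(".".join(labels[i:]) in blocklist for i in range(len(labels)))

def blocklist_hits(events):
    return sorted({(c, h) for _, c, h in events if on_blocklist(h)})

def periodic_callers(events, min_requests=4, max_jitter=0.1):
    """Flag (client, host) pairs whose gaps between requests are near-constant."""
    times = defaultdict(list)
    for ts, client, host in events:
        times[(client, host)].append(ts)
    flagged = []
    for pair, stamps in times.items():
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        if len(stamps) >= min_requests and pstdev(gaps) <= max_jitter * mean(gaps):
            flagged.append(pair)
    return sorted(flagged)

EVENTS = list(parse(SAMPLE_LOG))
if __name__ == "__main__":
    print("blocklisted:", blocklist_hits(EVENTS), "periodic:", periodic_callers(EVENTS))
```

A periodic caller is only a lead for investigation, since legitimate software updaters also check in on a timer; the value is in reporting hosts that nobody in IT recognises.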

However, the only way that organisations can prevent spyware from compromising their brand integrity is to address it as part of a comprehensive security strategy. Spyware is a technical problem, but organisations cannot expect to see the threat removed through technology alone.

The best way to combat evolving security threats is by implementing a security programme based on policy, education and technology combined.

The policy should dictate that individuals must avoid behaviour that may allow spyware to enter the network. This should then be backed by ongoing user education to alert them to the potential guises that spyware may take and how to deal with it.

Risk-bearing applications

Some of the most common sources of spyware infections are P2P file sharing and instant messaging applications, and companies should not shy away from outlawing their use completely.

The serious vulnerabilities apparent in all of the popular instant messaging clients should put instant messaging high on the list of concerns for IT directors, and the potential threat of spyware should move it up the list of priorities.

Once policy and education are in place, technology should be implemented to support them, as it is only through combining these approaches that companies can effectively protect the corporate network and the people who use it.

Martino Corbelli is director of marketing at SurfControl
