Symantec says enterprises failing to secure instant messaging

By Dennis Fisher, News Director 13 Jul 2006 | SearchSecurity.com

Security Wire Daily News Digg This!     StumbleUpon     Del.icio.us

Cupertino, Calif.-based security giant Symantec Corp. surveyed 400 CIOs on their organizations' IM security policy, and found that 57% of them had no security or availability policies for their IM systems. The survey also found that only 22% of organizations archive their employees' IM messages, a serious oversight that can lead to the leakage of confidential data or other sensitive information.

Nearly all enterprises have developed email archiving, retention and inspection policies, but the survey results suggest few organizations have extended that to their IM systems.

"It starts with visibility. Most IT departments don't have any visibility into the IM deployments in their enterprises," said Andrew Burton, senior product manager at Symantec.

More on secure instant messaging IM too critical a business app to ban Report: IM, P2P threats on the rise IM threats grow, response lags Symantec to purchase IMlogic

Burton said IM security is an issue, but enterprises should also address IM usage policies, data leakage and risk management. "These three areas have been addressed in email security," he said, "but most organizations haven't viewed them as something they need to address with IM."

Some industries, most notably financial services and securities trading, have developed regulations that specifically govern the usage of IM clients and require logging and archiving of IM conversations. Other industries are beginning to follow that lead, Burton said, but slowly, for the most part.

"With regulatory compliance, life sciences and health care are starting to see the need for this. Government is coming on board, too," he said. "In terms of governance, we're seeing a broader movement across industries to secure IM in order to comply with audits and IT governance requirements."

The results of the survey are especially surprising considering that the number of IM threats increased by more than 1,600% from 2004 to 2005, according to statistics gathered by Symantec. Last year the vendor recorded a total of 2,400 unique IM threats.

Burton attributed the increase to several factors, but noted that IM attacks often are more effective than email attacks, given the ease with which threats can spread through a user's contact list.

"There's a larger footprint [for IM] now, and the number of users attracts attackers," he said. "Plus, the effectiveness is higher. Once someone is infected, the social engineering aspect of IM increasing the likelihood that other people will fall victim to the attack."

Tags: IM Security Issues, Risks and Tools,  Security Industry Market Trends, Predictions and Forecasts,  Enterprise Risk Management: Metrics and Assessments,  VIEW ALL TAGS

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT IM Security Issues, Risks and Tools What are effective ways to stop instant messaging (IM) spam? Secure messaging complications result in limited protection Is it possible to ban chat programs on an enterprise LAN? How to lock down instant messaging in the enterprise AOL closes AIM attack vector, but risks remain Researcher says AIM still vulnerable, AOL insists it's fixed Serious security flaw in AOL Instant Messenger Security flaws found in AOL, Yahoo IM programs Flaw found in MSN Messenger AOL, Yahoo, Trillian IM applications under threat Security Industry Market Trends, Predictions and Forecasts Hackers to sharpen malware, malicious software in 2010 Part 1: Marcus Ranum on the state of information security Part 2: Marcus Ranum on the state of information security Part 4: Marcus Ranum on the state of information security Part 3: Marcus Ranum on the state of information security Part 5: Marcus Ranum on the state of information security Layoffs prompt insider threat fears, cybersecurity survey finds Healthcare security spending remains sluggish, report shows How to use Internet security threat reports M86 buys Web security gateway vendor Finjan Security Industry Market Trends, Predictions and Forecasts Research Enterprise Risk Management: Metrics and Assessments How to justify information security spending on cloud computing Layoffs prompt insider threat fears, cybersecurity survey finds How to avoid Internet liability lawsuits Bruce Jones: Report Security and Risk Metrics in a Business-Friendly Way Bernie Rominski: Communicate Effectively with Management about Risk Best Policy and Risk Management Products Monitoring program data and internal controls for risk management Risk management strategy for an information technology solution provider Align your data protection efforts with GRC The basics of enterprise GRC project management Enterprise Risk Management: Metrics and Assessments Research

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary greynet  (SearchSecurity.com)

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary