Category: Statistics

A report released Wednesday by SurfControl contends that a sizeable number of U.S. businesses have yet to formulate or put into practice any official guidelines for dictating how workers may use IM on their networks.

A recent survey conducted by the IT security company found that 90 percent of the 7,500-plus businesses it spoke with have established policies to manage the use of e-mail, but 49 percent have no official rules in place to govern IM and peer-to-peer software usage.

Companies that fail to address the issue are increasingly susceptible to attacks, as a new crop of threats delivered via IM has appeared over the last several months.

“Instant messaging may be viewed as convenient to end users, but the business costs are too great to leave IM usage unchecked by security policy,” Jim Murphy, director of product marketing for SurfControl, said in a statement. “Numerous IM-borne viruses, worms, spyware applications and blended threats can all jeopardize network security and cost companies hundreds of thousands of dollars in clean-up costs.”

In the past month alone, multiple new variants of existing IM threats have appeared, looking to take advantage of people’s ignorance of the method of attack. The vast majority of the threats–in particular, the Bropia worm variants that use Microsoft’s MSN Messenger to spread–are hidden in IM messages that appear to have been sent by a known contact. The missives encourage people to click on a Web link or to download an attachment enclosed in an IM, but in reality, the messages hide some form of malicious code.

Since January, antivirus researchers have identified more than a dozen such threats, which typically are Trojan horses rather than flaw-exploiting viruses. That’s more than three times the number of similar attacks seen on public IM networks in the same period last year, according to figures from IM security company Akonix Systems.

Respondents to SurfControl’s survey ranked confidential data protection as one of their top security goals, with 83 percent of the companies interviewed citing it as a major concern.

Murphy said it is ironic that companies claiming to be tightly focused on securing their systems have let IM usage slip through the cracks. “Left ungoverned, instant-messaging applications are an easy vehicle for accidental or malicious disclosure of sensitive corporate data, including company financials, personnel records and customer data,” he said. “Clearly, companies must combine detailed acceptable-use policies with effective technology to manage instant messaging at work.”

http://news.zdnet.com/2100-1009_22-5631658.html

The first year of complying with section 404 of the Sarbanes-Oxley Act has come at a steep cost for many businesses, with greater-than-anticipated personnel, consulting, auditing, and software expenses, according to a survey by Financial Executives International, a professional association of CFOs, treasurers, and financial controllers.

The good news is that the cost of compliance efforts is expected to decrease this year as IT projects undertaken to meeting the financial-reporting requirements of section 404 progress.

Companies like Eastman Kodak, SunTrust Banks, and Toys R Us have reported accounting problems that may preclude their issuing such a statement in their 2004 annual reports.

Uncertainty over auditing procedures for section 404–final guidelines weren’t adopted by the Securities and Exchange Commission until late last year–was cited as a major reason for the variance between estimated and actual costs.

Ninety-four percent of the March survey respondents say the costs of Sarbanes-Oxley compliance exceeded the benefits.

Personnel and external costs are expected to decline by 39% on average through adoption of more-efficient compliance processes and procedures.

http://www.informationweek.com/story/showArticle.jhtml;jsessionid=20JC5RPZDVSV4QSNDBGCKHSCJUMEKJVN?articleID=159904261

The survey, released Monday by security company Mazu Networks and the Enterprise Strategy Group, found that almost 75 percent of companies boosted security spending in 2004 to comply with regulations set by the Sarbanes-Oxley Act.

Despite those efforts, only 14 percent of respondents said they were “very confident” that their networks would repel all threats this year.

“I think this is a bit of a wake-up call,” said Tom Corn, vice president of marketing for Mazu Networks. “Not a lot of folks have confidence that they have mechanisms and processes in place to protect themselves.”

The survey, which polled 229 information technology professionals about their corporate networks, came as another report suggested that virus writers and online attackers are becoming more focused on using their skills to earn cash from fraud and identity theft.

The polled IT professionals had a similar story to tell, according to Corn. “We are starting to see a lot of these threats less for bragging rights and more about creating armies of system zombies and bots–there is a strong financial model for that,” he said.

About 47 percent of all respondents had a worm infect a company network in the past year, the Mazu survey found.

An eighth of those businesses had more than 25 percent of their network compromised during the incident.

However, the worry of worms has not helped close some major vulnerabilities at the companies, the survey indicated.

Almost 25 percent of all companies had an internal breach in 2004, and 40 percent of those incidents interrupted a critical service.

Almost half of the IT professionals surveyed found active accounts belonging to ex-employees, and a third found rogue wireless access points in their network.

Companies involved in the survey were required to have at least 1,000 employees. They represented more than 18 different industries.

http://news.zdnet.com/2100-1009_22-5628715.html

While tighter financial controls are forcing IT departments to keep a lid on network costs, cost-saving measures elsewhere may be putting more strain on the WAN, warned Peribit, the network optimisation company that commissioned the Global Application Performance survey.

“IT initiatives like consolidation have a knock-on effect on the network,” said Steven Wastie, Peribit marketing director. “If you reduce your number of mail servers from ten to four, or serve users from a central data centre, you put users further away from the content and that means more traffic on the network.”

While some users will meet this demand by buying new bandwidth, some 34 percent of network managers surveyed by Peribit don’t expect to increase their WAN investment at all in 2005.

Overall, the amount spent on new bandwidth will be 7 percent lower this year than 2004.

Of those surveyed, 71 percent agreed that they will be under pressure to improve applications performance and reduce IT costs.

All this is grist to Peribit’s mill — the company sells optimisation systems, which make the best use of bandwidth and help applications cope with latency. “Application performance is high up the agenda,” said Wastie, “and people understand that it is a latency issue, not just a bandwidth issue.” “Offshoring is a great example,” he said. “A company may put a call centre in the Philippines, but it has to access a customer database in the UK. If it takes three more seconds to answer a query, because of network latency, that may result in fewer calls taken during the day.”

“Disaster recovery is another example,” he said. “Financial institutions have to back up incredible amounts of data, from their primary centre to a secondary site, but there are only 24 hours in a day.” Ensure you continue to make the right strategic buying decisions for your company by keeping up to date on the latest hardware and software developments with our IT Infrastructure newsletter – spanning news, features and reviews.

http://news.zdnet.co.uk/communications/networks/0,39020345,39192131,00.htm

More than half of employees–including many IT workers–admit they misuse company E-mail systems for activities such as swapping lewd jokes, downloading pirated software, responding to spam, or forwarding confidential company information, according to new survey findings released this week.

Approximately 4,500 people from the United States, the United Kingdom, and Germany participated in the online survey, “E-Mail Use At Work,” conducted in December by content-security software vendor Clearswift Ltd.

IT workers are among the culprits circulating inappropriate material, including sexual or discriminatory jokes, the survey finds. Twenty-seven percent of U.S. and German IT personnel admitted distributing inappropriate material to colleagues. A slightly higher percentage of IT workers in the U.K. admitted E-mailing bawdy material, 31%. The U.K. also had the highest percentage–55%–of non-IT workers admitting to participating in such activity.

IT employees were more likely than non-IT workers overall to admit distributing confidential information via corporate E-mail systems.

Findings from that same Clearswift survey also revealed that 40% of workers in all three countries admit spending an hour or more every day using company E-mail systems for non-work related activities.

In the late 1990s, companies began paying more attention to the content coming into their business networks as they battled malicious code such as worms, viruses, and spam, says a Clearswift spokeswoman. Now, the trend among big companies is to pay closer attention to the content coming out of their systems, she says.

http://www.informationweek.com/showArticle.jhtml;jsessionid=ASHSOZUL0AZH0QSNDBNSKH0CJUMEKJVN?articleID=159901599

Latest research reveals the majority of IT bosses are confident about their companies’ security yet when drilling down through the findings we find a picture of disarray as companies lose track of laptops, remote access, the latest threats and the risk of employee wrong-doing.

According to findings released today, 99 percent of respondents said they are protected from threats while only three percent of European IT bosses believe they will never be 100 percent secure.

Mark Murtagh, European technical director at Websense — a provider of Web filtering and Internet securtity services which commissioned the research — said it paints a worrying picture for companies.

Eight percent of companies have no additional security in place beyond desktop antivirus and a firewall and many are being slow to react to the latest threats. Despite it being an issue which has hit the headlines in a big way over the past 12 months spyware is still getting an easy ride, with 35 percent of companies having no protection of any kind in place. And the ways in which spyware can get onto a machine continue to thrive with 56 percent of firms letting staff install and use peer-to-peer software — a common source of malicious code — and 43 percent of firms doing nothing to limit employee Web-surfing.

Furthermore 62 percent of companies are doing nothing to limit staff access to phishing sites.

And if staff decide to turn on their company and steal data or access areas of the network they shouldn’t, only 40 percent are equipped to identify them. More than two-thirds of UK IT bosses (68 percent) think laptops, which are taken home or used remotely and then plugged back into the network, pose a security risk and yet only a quarter (26 percent) are really doing anything about it. Only 21 percent believe it is the responsibility of the IT department while six percent said they don’t know who is responsible.

While 40 percent of respondents claim to audit PCs every three to six months, Murtagh believes this may amount to little more than ‘head count’ — “how many have we got and what operating system are they running?”. “Companies need to seriously audit PCs and undertake full risk assessment. I’d like to think if we did this survey again in six months I’d have some cause for optimism but there will still be a large number of companies who have failed to get a grip on their Internet security,” said Murtagh.

http://news.zdnet.co.uk/internet/security/0,39020375,39191336,00.htm