{"id":1804,"date":"2005-03-23T00:00:00","date_gmt":"2005-03-23T00:00:00","guid":{"rendered":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/2005\/03\/23\/report-companies-unprepared-for-im-attacks\/"},"modified":"2021-12-30T11:40:01","modified_gmt":"2021-12-30T11:40:01","slug":"report-companies-unprepared-for-im-attacks","status":"publish","type":"post","link":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/2005\/03\/23\/report-companies-unprepared-for-im-attacks\/","title":{"rendered":"Report: Companies unprepared for IM attacks"},"content":{"rendered":"<p>Many businesses are leaving themselves vulnerable to the emerging crop of IM-borne attacks because they aren&#8217;t managing employee use of instant-messaging software, a new report finds.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>A report released Wednesday by SurfControl contends that a sizeable number of U.S. businesses have yet to formulate or put into practice any official guidelines for dictating how workers may use IM on their networks.<\/p>\n<p>A recent survey conducted by the IT security company found that 90 percent of the 7,500-plus businesses it spoke with have established policies to manage the use of e-mail, but 49 percent have no official rules in place to govern IM and peer-to-peer software usage.<\/p>\n<p>Companies that fail to address the issue are increasingly susceptible to attacks, as a new crop of threats delivered via IM has appeared over the last several months.<\/p>\n<p>&#8220;Instant messaging may be viewed as convenient to end users, but the business costs are too great to leave IM usage unchecked by security policy,&#8221; Jim Murphy, director of product marketing for SurfControl, said in a statement.  &#8220;Numerous IM-borne viruses, worms, spyware applications and blended threats can all jeopardize network security and cost companies hundreds of thousands of dollars in clean-up costs.&#8221;<\/p>\n<p>In the past month alone, multiple new variants of existing IM threats have appeared, looking to take advantage of people&#8217;s ignorance of the method of attack.  The vast majority of the threats&#8211;in particular, the Bropia worm variants that use Microsoft&#8217;s MSN Messenger to spread&#8211;are hidden in IM messages that appear to have been sent by a known contact.  The missives encourage people to click on a Web link or to download an attachment enclosed in an IM, but in reality, the messages hide some form of malicious code.<\/p>\n<p>Since January, antivirus researchers have identified more than a dozen such threats, which typically are Trojan horses rather than flaw-exploiting viruses.  That&#8217;s more than three times the number of similar attacks seen on public IM networks in the same period last year, according to figures from IM security company Akonix Systems.<\/p>\n<p>Respondents to SurfControl&#8217;s survey ranked confidential data protection as one of their top security goals, with 83 percent of the companies interviewed citing it as a major concern.<\/p>\n<p>Murphy said it is ironic that companies claiming to be tightly focused on securing their systems have let IM usage slip through the cracks.  &#8220;Left ungoverned, instant-messaging applications are an easy vehicle for accidental or malicious disclosure of sensitive corporate data, including company financials, personnel records and customer data,&#8221; he said.  &#8220;Clearly, companies must combine detailed acceptable-use policies with effective technology to manage instant messaging at work.&#8221;<\/p>\n<p>http:\/\/news.zdnet.com\/2100-1009_22-5631658.html<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[32],"tags":[],"class_list":["post-1804","post","type-post","status-publish","format-standard","hentry","category-statistics"],"_links":{"self":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/1804","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/comments?post=1804"}],"version-history":[{"count":1,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/1804\/revisions"}],"predecessor-version":[{"id":4291,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/1804\/revisions\/4291"}],"wp:attachment":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/media?parent=1804"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/categories?post=1804"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/tags?post=1804"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}