Lack Policy Enforcement Malware’s Ticket to the Corporate Network
Programs downloaded by users from the Internet, often against security policies, are an increasing problem for network administrators responsible for network security. According to FaceTime Security Labs, these greynet applications are responsible for a growing number of peer-to-peer and multichannel attacks. Eweek says:
"The numbers alone don't tell the story," said Chris Boyd, director of malware research at FaceTime Security Labs, in a statement. "The sources of the most insidious threats we identified in 2006 are not the glory-hungry hackers of yesterday. These are cyber-criminals and click-fraud experts who are well-funded, extremely savvy, and their M.O. is to stay in the background and collect as much information as they can before moving on to the next target."
See today's other post on attacks at a popular U.S. retailer for an example of such an information theft type of attack.
Statistics from FaceTimes’ Second Annual Greynets Survey show we have a lot of work ahead to get users to understand the full scope of the malware problem and how greynet apps circumvent security measures. They survey found:
39 percent of users believe they should be allowed to "install the applications they need on their work computers," independent of IT oversight or policy, while 53 percent of users report they "tend to disregard" company policies that govern greynet usage, specifically IM and peer-to-peer file sharing.
In spite of widespread information about security risks, user awareness continues to be a key problem.