Internal security threats multiply
- By William Jackson
- Jul 23, 2008
An evaluation of more than 100,000 endpoint devices at private-sector enterprises showed that significant numbers were missing essential software such as antivirus or security patches and were using unauthorized applications such as file sharing and remote control software.
Network management company Promisec Inc., of New York, scanned client endpoints with its Spectator tool in the first six months of this year.
'Despite millions of dollars invested in security technology and millions more in personnel costs, we did not find a single company that had a completely clean bill of health from a risk and security perspective,' said Alan Komet, vice president of worldwide marketing at Promisec.
'One of the most alarming findings of the audit was how rapidly these internal security threats have increased over the past year,' the company's report states. 'Compared to a similar study conducted in 2007, Promisec found that in the first half of 2008 the percentage of infected computers with unauthorized remote control software had increased by more than 200-fold, those without a working antivirus program had increased 12-fold and the number with unauthorized storage had increased tenfold. Other threats had increased by anywhere from two to eight times as many when compared to the previous year.'
The scans were conducted at small to midsize businesses and large enterprises in the financial services, health care, insurance, manufacturing and other sectors.
Among the threats found in the scans:
- Antivirus software was missing, not updated with the latest signature files or disabled in 22 percent of the hosts. It was the biggest problem noted in the report.
- Unauthorized removable storage was a close second. USB memory sticks and external hard drives represent a major risk for companies that handle confidential data or proprietary information.
- Unauthorized peer-to-peer applications came in third.
Peer-to-peer applications included file-sharing tools and instant messaging, which has become popular for quick, convenient communication.
'The sheer popularity of IM applications has made them become a security risk,' the report states. Instant messaging can be a vector for malicious code and data leaking out of an enterprise.
File sharing is another convenient tool, but it comes with its own set of vulnerabilities. 'One of the risks of a file-sharing application inside a network is the exposure of a computer to its entire peer network,' the report states. 'This means that if there is corporate information on that computer,...this data may be leaked to the outside world.'
Remote control software is another double-edged tool. 'Remote control software can make life easier for the internal IT staff in any organization,' the report states. 'It allows for troubleshooting problems without costly on-site visits, and most legitimate remote control software has functionality to allow for recording sessions, so in case of further issues, the user can play back the solution. Remote control software can also be a way of gaining access from home to assets in the corporation. However, for each legitimate use of these applications, there is an equally problematic one. If access is open to the internal network for users, it is also open for anyone else.'
William Jackson is freelance writer and the author of the CyberEye blog.