Rising IM use poses corporate security risk

Uncontrolled and insecure instant messaging (IM) use by staff is leaving corporate networks and data exposed to the threat of hackers and virus writers, according to Gartner.

The analyst house claims attackers are shifting their focus from well-protected e-mail systems to IM as its use by employees within organizations increases.

Viruses are the main threat and Gartner says IT managers who do not adequately protect public IM will experience 80 per cent more IM-related security incidents than those who do put in stronger defences.

The main risks of uncontrolled IM use include a lack of regulatory compliance involving the retention and auditing of communications; the lack of encryption to protect confidential data being exposed in IM; and the danger that staff will use IM to circumvent e-mail usage policies and to play games and send pornography, according to Gartner.

Peter Firstbrook, research director for Gartner's Information Security and Privacy research group, said in a statement: "Lack of visibility and control means that IT cannot manage the use of IM or enforce safe policies. As with the web, IM can be a productivity improver and a time waster. Lack of visibility makes it difficult to ascertain what is happening."

IM viruses are usually transmitted using social engineering tactics to get victims to click on executable file attachments or hyperlinks in IM messages that link through to malicious Web servers.

Security experts have been warning for two years about hackers exploiting IM to carry out attacks on networks.

Andy McCue of Silicon.com reported from London.