Uncontrolled and insecure instant messaging (IM) use by staff is
leaving corporate networks and data exposed to the threat of hackers and virus
writers, according to Gartner.
The analyst house claims attackers are shifting their focus from
well-protected e-mail systems to IM as its use by employees within organizations
Viruses are the main threat and Gartner says IT managers who do
not adequately protect public IM will experience 80 per cent more IM-related
security incidents than those who do put in stronger defences.
The main risks of uncontrolled IM use include a lack of regulatory
compliance involving the retention and auditing of communications; the lack of
encryption to protect confidential data being exposed in IM; and the danger that
staff will use IM to circumvent e-mail usage policies and to play games and send
pornography, according to Gartner.
Peter Firstbrook, research director for Gartner's Information
Security and Privacy research group, said in a statement: "Lack of visibility
and control means that IT cannot manage the use of IM or enforce safe policies.
As with the web, IM can be a productivity improver and a time waster. Lack of
visibility makes it difficult to ascertain what is happening."
IM viruses are usually transmitted using social engineering
tactics to get victims to click on executable file attachments or hyperlinks in
IM messages that link through to malicious Web servers.
Security experts have been warning for two years about hackers exploiting IM to carry out attacks on
Andy McCue of Silicon.com reported from London.