February 17, 2003—One third of European companies have been infected with spyware applications on their networks, according to the “Emerging Internet Threats Survey 2003” released February 5. The emergence of spyware in corporations means companies may be making themselves vulnerable to unknown outside parties such as competitors, hackers, or advertisers, who can gather confidential company information without consent.
According to Out-law.com, spyware is “the term for software that is used to collect information about an individual or organization without their knowledge. It can be deposited as an e-mail attachment or as a Web site download.”
The survey, which includes input from 408 IT professionals from 20 European countries, was conducted by employee Internet management specialist Websense International and Infosecurity Europe 2003 to identify which Internet-related security threats are posing the most problems for IT staff.
Ninety-four percent of IT departments researched admitted to dealing with security issues as a result of employees’ use of the Internet. Personal Web surfing (31%), software downloads (24%) and Web-based e-mail (24%) were the top three concerns for IT professionals surveyed, with the survey also highlighting growing anxiety over emerging threats such as spyware, peer-to-peer (P2P) file sharing, instant messaging, and malicious mobile code (MMC).
Seventy percent of those surveyed believe P2P creates an “open door” to hackers, 62% believe that instant messaging can expose their companies to viruses, and 62% are worried that MMC may spread across their networks as a result of employees searching the Internet via infected URLs.
Despite growing awareness of the potential damage that can be caused by these new threats, the survey shows less than half of the organizations that claim to have Internet policies in place have included any guidelines for emerging threats, such as P2P or instant messaging.
“As users become more comfortable with using instant messaging, peer-to-peer file sharing, and personal storage sites, the e-enabled workplace is at increased risk,” said Geoff Haggart, vice president of EMEA at Websense. “Employees can now store company information remotely without trace, devastating viruses can be distributed, and outside parties can view internal data. As a result, employee Internet management is no longer just about productivity in the workplace but also about providing appropriate levels of security.”
Following the launch of its Premium Group III (PGIII) product in 2002, Websense currently provides organizations with the ability to block employee access to security-risk sites. Websense says that while this can proactively minimize the potential for attacks such as Web-based worms, viruses, and spyware, the forthcoming version of Websense software, v5, will help manage the complete intersection of the employee and his or her computing environment, from Web sites to network protocols to applications on desktops.
