As IM use increases, so do IM threats, typically viruses, as attackers begin to shift focus from better-protected e-mail systems to IM. Gartner analysts said IT administrators who do not manage and protect public IM will experience 80 percent more IM-related security incidents than those that do.
"IT organizations must keep this threat in context and balance it against the productivity benefits of IM," said Peter Firstbrook, research director for Gartner's Information Security and Privacy research group. "Employees report benefiting from faster decisions, higher productivity and lower telecommunications costs when they use IM. However, organizations must plan for and build a strategy for IM management and security, much like they have for e-mail."
Gartner analysts identified a number of risks of uncontrolled IM including:
- Lack of regulatory compliance involving records retention, communications limitations between employees and auditing of communications, among others
- Lack of universal encryption or widespread use of encryption can result in confidential or secret data being exposed in IM communications
- Lack of records or universal naming conventions can result in disputes over what was communicated and with whom, when business deals are conducted over IM networks.
- Lack of visibility into IM usage can result in noncompliance with acceptable usage of enterprise assets, such as transfer of pornography, or salacious messages, and playing multiplayer games.
"Unsolicited IM advertising messages, usually driven by compromised buddies, are beginning to appear and grow. Lack of visibility and control means that IT cannot manage the use of IM or enforce safe policies," said Mr. Firstbrook. "As with the Web, IM can be a productivity improver and a time waster. Lack of visibility makes it difficult to ascertain what is happening."
IM viruses are transmitted in two ways -- as executable file attachments or as hyperlinks in IM text directing victims to malicious Web servers. In most cases, viruses are not automatically executed. Rather, they exploit social engineering tactics and an unjustified trust in IM buddy lists to convince victims to open unknown files or click on links.
"Dedicated IM hygiene products are the best way to protect and manage IM usage -- though simply filtering active URL hyperlinks and all file attachments will be effective at eliminating 90 percent of IM viruses, and many of these threats will be detected by desktop antivirus products," said Mr. Firstbrook. "Training end users to be more skeptical of instant messages, even those from their buddy lists, should also be part of an overall strategy. Finally, the usual precautions of rapid patching, antivirus software and personal firewalls remain effective against IM threats."
Additional information on IM security, as well as practical advice on all aspects of IT security will be presented at the Gartner IT Security Summit, taking place June 5-7 in Washington D.C. The Gartner IT Security Summit hits the critical spot between strategic planning and tactical advice. Gartner analysts, industry experts and IT security practitioners deliver unbiased, realistic analysis on the current state of IT security, as well as an independent overview of the market during the next 12-18 months.
Covering the depth and breadth of topics comprising IT security today, the Gartner IT Security Summit has a single objective: to bring to light the repeatable, manageable security processes needed to address today's and tomorrow's threats. For complete event details please visit the Gartner IT Security Summit Web site
