Company networks are now more likely to pick up malicious software via employee Web surfing than from e-mail attachments, according to a new study.
Nearly 40 percent of the 200 Danish companies surveyed said their systems had been infected by a virus or worm, despite the fact that 75 percent had implemented a security policy, IDC Denmark said in its report, released Wednesday. But the malicious software in question is no longer primarily making its way through e-mail, as in the past.
"There is a common misconception that e-mails constitute the biggest security threat from the Internet," Per Andersen, IDC Denmark's managing director, said in a statement. "But the survey shows that up to 30 percent of companies with 500 or more staff have been infected as a result of Internet surfing, while only 20 to 25 percent of the same companies experienced viruses and worms from e-mails."
The risk of infection is about five times greater for companies that allow Internet usage by staff to go on unhindered and unmonitored, Andersen said.
The problem doesn't go away for companies that ban private Internet use, because often such policies aren't enforced, IDC found: About 30 percent of managers at such companies said staff accessed the Internet for personal use during working hours.
IDC believes that banning personal Internet use isn't realistic, particularly as a long-term solution. Instead, the research firm recommends closer monitoring of employees' Internet use and using tools that give management an overview of time spent and behavior patterns online.
"It can certainly be done in such a way that it does not constitute outright monitoring of the actions of every member of staff," Andersen said.
Attacks can come from relatively innocuous online sources, Andersen said. He cited the case of a poker Web site that placed a Trojan horse on users' PCs when they downloaded the site's help program.
They don't have to worry much about me though because:
1. I'm careful as to where I go on the internet. "News" sites like this are one thing, but I'm not playing poker here at work and refuse to access any porn sites.
2. I have one of the best anti-virus programs out there - I'm on a Mac running OSX! ;-)
If up to 25% of companies have gotten computers infected due to email, how can we say it isn't that big of a security risk? http://essentialsecurity.com/Documents/article7.htm Employees get email in their inboxes whether they want it or not. But they can make sure to stay away from malicious sites, which are probably not work related anyway. Until businesses can say that only a few percent of computer related issues are due to email viruses, trojans, etc., email security will remain a critical issue.
Perhaps the reason that a "poker site" installs a trojan horse is not that the employee was allowed to surf to that site, but that the company's sys-admins configured the employee's account as a system administrator?
People shouldn't work in admin accounts. They certainly should not read email or surf the web with admin privileges. They should not install programs with admin privileges unless needed, and in a corporate environment an employee should get proper permission to install software that needs admin privileges (that would generally rule out a poker site "helper" app).
Yes, it's true... and content filtering is the answer
It can be more dangerous if your company doesn't perform content filtering.
With all of the phished sites, allowing employees the ability to only browse company approved sites has been the way to stave this problem off for several years now.
Walt