To most companies, the perception is that the biggest threat to their users’ security continues to come from email and Spam.
In today’s world, corporate communications systems are totally reliant on giving their employees Web access and email to conduct their business. Take away access to email and the Web for most employees, and they’d claim their productivity would fall. So the focus today of most IT security vendors and corporate security budgets is still on protecting email traffic.
But is e-mail really the biggest threat?
If you were a burglar looking to attack a domestic property, you’d surely choose the weakest, least protected point to gain access to property. The same applies to anyone who would attack your company’s infrastructure searching for the weakest link. It’s not the already well-protected email system they’ll attack; it’s the comparatively less well-protected, and so vulnerable, Web traffic.
The Web is undoubtedly a prime channel for attack, because the defence mechanisms are less clear-cut. It is a couple of years since the Code Red worm exploited a known vulnerability in Microsoft IIS server to attack end user desktops. And in those two years, little has changed. Although there is standards work on security in train, there is no accepted security standard for Web sites to provide any guarantee of data safety for a website you are surfing to, and so nothing to prevent the risks to your business from Web traffic.
At the heart of the problem is Adware, which is bandwidth consuming, presents privacy and security concerns, can cause stability and performance problems where it is installed and is distracting to employees. In fact, most employees who are allowed to surf the Web at work probably have some form of Adware on their workstation. The bandwidth consumption alone is enormous as Adware can account for up to 50% or more of a company’s network traffic.
Adware is a form of Spyware. Often installed without the user’s consent, as a drive-by download, or as the result of clicking some option in a deceptive pop-up window, Adware may be bundled with other software or downloaded in peer-to-peer (P2P) networks such as music-swapping sites. Once installed, the software follows a user's Internet surfing habits, and delivers advertisements based on these habits. Such Spyware also engages in more deceitful practices such as monitoring keystrokes to gather confidential information, such as a user's e-mail address, location, or even credit card information.
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.