The fact is that the biggest threat to an organization lies within its boundaries. In its 2006 survey, “Information Security Breaches,” the DTI and PricewaterhouseCoopers found that 32% of Information Security attacks originated from internal employees while 28% came from ex-employees and partners.
Similarly, law enforcement experts in Europe and the US estimate that over 50% of breaches result from employees misusing access privileges, whether maliciously or unwittingly. So securing the enterprise isn’t just about stopping external threats. It’s just as important to contain the threat from hapless or hazardous employees.
One of the key internal threats to corporates is spyware, because it’s all too often introduced without malicious intent, by employees that naively click through a couple of pop-up browser windows, or install an unapproved yet ‘cool’ application on the network. The situation isn’t helped by the myths that surround spyware.
These are the six most common spyware myths:
1. It’s an isolated problem.
2. Blocking at the gateway is good enough.
3. Locking down the desktop is good enough.
4. Drive-by downloads are a primary source of penetration.
5. The problem comes from the outside in.
6. No one wants spyware.
But the truth of the matter is somewhat different. Let’s look at the real situation that’s masked by each myth.
1. Most spyware comes in as the direct result of user behavior, whether that user is naïve or ill-intentioned.
2. Stuff comes in at the desktop all day long. Blocking at the gateway without securing the desktop PC doesn’t make security sense. It’s like locking the doors and windows of the house - with the burglar still in the basement - and not bothering to call the police. What’s more, gateway defenses cannot detect threats already on desktop PCs.
3. If “locking down” the desktop and restricting user installation were effective, there would be no need for antivirus software. Spyware is designed to get around acceptable use policies and exploits users’ inquisitive nature.
4. “Drive-by downloads” should never occur in a corporate environment, because they come from sites that users should not visit at work.
5. Sure, spyware comes from outside - because someone opened the door and let it in. Not recognizing this results in a porous security infrastructure.
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.