Problems caused instant messaging, P2P and Skype cost companies nearly $130,000 per year

FaceTime Communications and NewDiligence reported results of their annual survey: Employee Use of Greynets: 2nd Annual Survey of Trends, Attitudes and Impact. The study confirms that employees are continuing to download and use unsanctioned applications to gain new business productivity advantages, while IT managers confirmed greynets continue to be dangerous if left unmanaged and can introduce significant risks to the business.

In October 2006, data was collected in a survey of more than 1,100 employees (end users) and IT managers to determine the impact that greynet applications have on enterprises, small and medium sized businesses. Greynets — real-time communications applications that are often introduced by end users and use highly evasive techniques to traverse the network — pose myriad network and information security risks because they provide vectors for malware, intellectual property loss, identity theft and compliance risks.

While some greynets such as Web conferencing, Web browsing, IM and Skype(TM) have legitimate business uses, IT needs visibility and control to ensure their safe and productive use. Still others such as P2P file sharing, video streaming, and anonymizers can pose further consequences to the organization. All these new, real-time collaborative applications can be evasive on the network, often circumventing traditional security infrastructure that was designed for email and standard Web traffic.

Results of the survey show that more users are adopting greynet applications while, at the same time, little progress has been made toward combating greynet-related attacks. Eighty one percent of IT managers reported greynet-related attacks within the last six months, about the same rate as one year ago. The most common attacks continue to be from spyware and adware (75 percent), viruses and worms (57 percent), other malware (22 percent) and rootkits and keyloggers (22 percent). Further, the required repair and remediation as a result of these attacks is costly. A typical organization is estimated to spend nearly $130,000 per year on average to repair damage from greynet-related attacks, while the largest companies are estimated to spend upwards of $350,000 per year repairing damage from greynet-related attacks due to higher incident rates.

Additional key findings include:

o Four in ten employees believe they have the right to install greynet applications on their work computer, and more than half the end users are at work locations where policies governing IM and P2P usage are disregarded (53 percent)

o The number of work locations where eight or more greynet applications are in use has doubled over the past 12 months, growing from 20 percent of locations one year ago to 41 percent today

o Seventy percent of end users have sent personal IMs from work, and 1 in 4 employees admitted to sending information about company plans, finances or password/login credentials via IM

o More than one-fourth of employees say they use IM in order to have “private, unmonitored communications,” and if end users knew their IM communications were monitored, almost half (45 percent) would pay more attention to company guidelines while one fifth would pick their words more carefully (21 percent)

o One in five IT managers report the unauthorized distribution of personal information (22 percent) or intellectual property (19 percent) via greynets

o Three-fourths of IT managers report productivity reductions from non-work related activities (73 percent) including downloading of adult materials (50 percent), copyright violations (39 percent) and violations of corporate communications policies (33 percent)

o Only 11 percent of IT managers believe their network systems would have intercepted the type of sexually explicit IMs allegedly sent by former Congressman Mark Foley

o On a positive note, two-thirds of IT managers recognize that “IM and P2P have benefits” but must nonetheless be managed by IT