Messaging and Web Security Best Practices for 2011 and Beyond

by tapangarg on June 2, 2011

(Excerpts from an Osterman Research report.)

Executive summary

In an Osterman Research survey conducted during January 2011, decision makers and influencers demonstrated that they are decidedly pessimistic about the future of spam and malware problems for 2011, as shown in the figure below.

Predictions about global spam and malware problems in 2011

They have little reason to be optimistic: despite recent, albeit temporary, good news – such as reductions in the number of spam messages traversing the Internet – there has been relatively little good news in the context of threats directed against messaging and Web users. Further, while many decision makers are taking messaging and Web security threats quite seriously, a soft economy coupled with threats that are rapidly increasing in sophistication and severity, means that many organizations are not keeping pace with the threats they face. For example:

  • Symantec.cloud reported that 41.1% of all of the malicious domains they blocked during January 2011 were new, representing an increase of 7.9% from the month before.
  • The Rustock botnet was more or less shut down during the 2010 Holiday season. However, GFI Software reports that in January 2011 Rustock was reactivated and its spam volume increased by 98% almost overnight. As of late March 2011, Rustock has been silenced once again, but has the potential for coming back online.
  • SpamTitan reported results from a 2010 survey that found that 49% of small- to mid-sized businesses had not taken even basic steps toward crafting a social media policy.
  • Edgewave reported that during the month ending February 23, 2011, there were anywhere from 49 to 352 new spam campaigns launched every day.
  • In 2010, Websense Security Labs found that 61% of all data stealing attacks occurred over the Web or email.

Key takeaways

There are five key points that readers of this white paper should understand and appreciate:

Spam is still a major problem
Despite some recent good news on the spam front, spam volumes continue to increase and are expected to do so for many years to come. Because it saps storage, bandwidth and employee productivity; and is increasingly used as part of malware-distribution campaigns, spam continues to be a very serious problem.

Malware is a rapidly growing threat
Malware infiltration continues to be a vexing issue for IT management because of

a) the increasing sophistication of the threats,
b) the financial and other damage they can cause, and
c) the sheer volume of new malware that is being distributed across the Internet.

There are more places for spam and malware to enter an organization
The number of venues for unwanted content to enter an organization is growing. In addition to the normal email channel, this content now increasingly enters an organization through social media tools like Twitter and Facebook, personal Webmail accounts used for work-related applications, Web enabled smartphones, other mobile devices like iPads, the growing number of cloud-based applications used in the workplace, voice-over-IP systems, real time communication tools like instant messaging, flash drives, applications that users download that are not sanctioned by IT, and normal Web surfing to legitimate Web sites.

The network perimeter is disappearing, making organizations more vulnerable
The network perimeter is rapidly disappearing. Where there used to be a clear distinction between the corporate network and the outside world, the growing number of employees who work from home, coupled with the increasing number of mobile devices used for both work and personal applications, means that the network perimeter often does not exist.

Data loss is becoming a greater risk
The granularity and thoroughness of the policies to manage messaging and Web applications have not kept pace with the threats that organizations  face. This makes organizations more  vulnerable to data loss, financial loss, damage to corporate reputation, higher remediation costs and other problems. The risk of data loss through the Web has been exacerbated dramatically with the rapid growth of social media and other  Web 2.0 applications.

 

Related Posts:

  • http://www.softworld.com/windows/communications/chat-instant-messaging/aol-instant-messenger-aim/ AOL Instant Messenger

    Thanks a lot for the useful tips on Messaging and Web Security. They were very useful. 

Previous post:

Next post: