Spyware In The Enterprise - Report Example

Spyware in the Enterprise Executive Summary Spyware is presently one of the major security concerns facing the enterprise. This business report is part of our company's strategy to address the issues caused by spyware. Its purpose is to provide employees with basic information on spyware and the possible solutions to eradicate the problem. The report reviews in detail the causes and consequences of the widespread nature of the spyware phenomena; it outlines the implications it carries on a direct and indirect outlook. Spyware is widely defined as a software tool for which the primary function is the retrieval of personal online information without the prior knowledge of its users. It first appeared in the late nineties, although the name spyware is attributed to Zone Labs founder Gregor Freund who is suspected to have introduced it in 2000 (Wikipedia 2007). In referring to the present state of spyware, Gartner computer analyst John Pescatore reported "It's rapidly turning into a very serious problem. Last year, it was mostly annoying with all the pop-ups, but now it's leaving behind more serious problems," (Mark 2004). This report gives a detailed overview of the problems, and the various solutions currently available for combating spyware at the enterprise level. Multi-level preventive measures are essential in resolving the issues caused by spyware as they can considerably impact the its affect on the overall productivity of an organization. At this point, it is virtually impossible to fully eliminate the problem off a network, but there are several methods to control its influence at a level that minimizes its effect on the integrity of company networks and resources. Introduction Spyware has progressively become a serious technological concern for most enterprises which must rely on internetworking for business. According to a recent report it is the second largest network related security issue in enterprises (Sophos 2007). Commonly spyware is referenced as a combination of adware (ads, pop-ups) and application level data mining software. It is heavily financed by advertisers as a marketing approach to retrieve time-critical and sensitive information on the habits of online users. These financial backers in turn obtain relevant information to better target their advertising in part, or to resell the obtained data to the adequate parties, such as market research companies and the like. When it comes to the enterprise, the information targeted can be highly confidential as it is with our organization. After reading this report, the average employee is expected to be familiar with the meaning of spyware and related terms, the risks it entails, and some simple methods and practices to combat it on the enterprise network. How do we address the issue of spyware What are the various steps that can be implemented as an organization to reduce the risk presented by it Is installing an Anti-virus a sufficient strategy What could be the consequences of confidential data loss In this segment, we answer these questions as we offer a tour of spyware and its relevance as a security hazard in the workforce. Unlike other items, this issue concerns us all as we each share an internet connection at work; and thus are likely to have been infected by some form of spyware already. The problem and its impact on enterprise According to the National Cyber Security Alliance in the United States, about 90% of US PCs were reported to have some sort of spyware on them (NCSA 2005). This staggering number in the US alone gives an idea of the size of the problem. Even though, we do not have an estimate of the percentage of the Australian PCs infected, we are estimating it is comparable in percentage based on government research (Australian Government 2005). The problem is widespread because spyware passes through standard layers of security easier than most of us are prepared for. Spyware mostly infects a computer or laptop through its browser; an application we all use to access information on the internet. The Internet Explorer browser, for instance, is categorized as one of the most vulnerable software to spyware infection mostly due to its popularity around the globe. When infected with spyware, PCs, workstations, and laptops become transparent to these intrusive applications which monitor and record online activity for personal and sensitive information such as passwords, credit car information, confidential documents and files. The Jan 2006 Security Gateway report stated that about 50% of emails contained some form of spyware (Sophos 2007). It is relevant to know however, that most spyware applications are different from malware (viruses, worms, and trojans). Malware can seriously damage the information stored on a computer as it is engineered to attack certain key functions of a program or of a process on the computer; although certain spyware programs can also behave as malware. Malware programs do not usually retrieve information instead they replicate on different stations and programs with the ultimate goal for incurring data loss or damage. With a basic firewall and anti-virus program, the enterprise network can be well protected as it includes some regular updates performed at admin and user levels. Spyware instead can spread simply by accessing a certain site and triggering, for instance, an Active X control. Active X is a script that runs on websites to complete various functions of which it can retrieve sensible information from its visitors. It is a form of spyware which is mostly targeted toward adware, the commercial version of spyware. Spyware may appear on a computer through the web browser, but also through the installation of shareware or freeware applications such as Kazaa (Wikipedia 2007). In the web browser, it can simply occur through certain sites or via pop ups. The pop-up is the adware tool by excellence. The installation of shareware and freeware programs often masks an underlined spyware program which installs on the computer through "drive by download" and thus can start its function of information and behaviour retrieval (Sophos 2007). The major issue for the enterprise in addition to the liability it represents for critical information, is the capability of spyware to seriously impact and congestion a network; thereby affecting the productivity and performance of its connected users. The presence of spyware activity on a computer can easily be determined by a slow process in program launch and operation. This usually is the characteristic aspect of a spyware running below an application or in "stealth mode". In fact, a spyware application uses additional processing time and storage to run its functions (iS3 2006) which causes the overall performance of the computer to be significantly affected. Drivers and why it should be taken seriously - consequences Spyware is mostly driven by online advertisers. The information on market trends and behaviours that can be obtained through spyware represents a gold mine for advertisers, and thus renders the method attractive financially for companies in the advertising sector. The Spyware Prevention for the Enterprise also reports that spyware is supported and fuelled by organized crime (BlueCoat 2006). The objectives of these organized crime organizations would focus less on behaviour but rather on private, sensitive, and confidential content such as intellectual property, credential, business strategies, and planning. These organizations use spyware in a nutshell for the purpose of industrial espionage. It is an issue our organization should be particularly aware of as we have a quantity of confidential material on our networks. Not to say that we are currently at risk, we should all put in the effort to reduce the liability of our network integrity when it comes to spyware. Corporate managers and executives are very concerned about the risks that spyware represents for the enterprise and are usually explicit on the firm methods that should be employed to address the issue as the consequences can be considerable. Network World Magazine reported that the annual productivity cost of spyware per employee in a 1000- employee organization could be as high as $83,000 (Tipping Point 2007). This statistic explains the concern of corporate executives in addressing the issue in the best way possible. In educating our employees about the security problem caused by spyware; in showing and training them on the ways to address it, we are able to control its affect. For instance, let us assume in a worst case scenario that our latest marketing strategy happens to leak out of our network due to spyware and arrive into the hands of our competition. This could present a quantifiable risk for our company's short term strategy regardless of market implications. Spyware is a significant issue in the enterprise and should be handled with care throughout our corporate environment. How to combat it There are several ways to combat and control spyware. It begins with educating the workforce on the subject and the consequences it has on the productivity of an enterprise. Large organizations such as ours are encouraged to train employees on the subject. Overall, a well-planned strategy to reduce spyware may seem as a costly alternative in the short term, but the long term benefits are meaningful to the bottom line of the company. Of course there are several technological methods to address the issue of spyware, and they include the installation and monitoring of desktop agents, firewall/antivirus programs, URL filtering procedures, and spyware targeted hardware tools. Some recommended spyware software tools of choice for the enterprise include Pest Patrol (Schultz 2005), Trend Micro (2005), CheckPoint Integrity (Check Point 2006), ASC (iS3 2006). These are all products which have proven to prevent spyware attacks and assist in reducing the existing spyware through regular scanning and removing of malicious code. They are particularly fit for the enterprise network. Desktop agents are software applications that are installed on each computer connected to the network to detect spyware activity and track it to eliminate or reduce its affect. The operation of a desktop agent however is limited to the machine on which it is installed. These methods are usually shallow in addressing the real issue as spyware programs are usually part of resilient code which constantly update and evolve. Most desktop agents are incapable of preventing spyware attacks, they mostly serve once the software is already present on the machine. It is a first level of security which is insufficient yet necessary. Firewalls and antivirus software tools are complements to desktop agents and their function is fairly similar. The firewall which is properly configured can assist the user in preventing certain types of spyware from being installed on the user's machine. It brings the preventive aspect that desktop agents lack. URL filtering is a preventive method to reduce the amount of spyware attacks on a computer network. It is an efficient way to combat the issue, however it relies on the premise that the site is identified as a risk location. This estimation is mostly done by an admin and does not operate automatically at application level on each individual machine. The URL filtering is a company wide solution that can permit an important level of security if well configured as it applies to the entire workforce. The above methods to combat spyware can be efficient as long as they are done in a planned, regular and systematic manner. They offer both a preventive and post-active aspect and therefore offer a considerable obstacle to the spreading of spyware on the enterprise network. Although, most of these solutions combat the issue at the application level which reduces the capability for prevention. The ideal enterprise solution comprises of gateway solutions such as the Blue Coat gateway; a device designed to stop spyware attacks directly at the network level before it reaches a given computer. The gateway is installed directly on the enterprise network and acts as a regulator of malicious and commercial spyware attacks. A gateway is a method that allows to secure content management on the network through URL control, IM and streaming control (BlueCoat 2006). Another method to combat spyware intrusion and proliferation is through the implementation of internal and external policies. External policies rely on legislations to address spyware on a country-wide level. The legislation process can be lengthy. In addition it may present several limitations as producers and distributors of spyware can usually relocate overseas where legislation is more lenient (CSIA 2006). Therefore it is a preventive aspect that requires further investigation and support from politicians in order to have a real impact on internet security. . The internal policy is focused at the enterprise level. It mostly relies on the effective methods and habits that users can enforce while using the network in order to minimize the risk of spyware infection. The internal policy based prevention begins with the education of the workforce. It is followed by daily practices such as: making mostly use of the intranet while at work accessing only internet sites that are filtered for spyware notifying the administrator when a suspected infection is detected or prior to installing any software Avoiding to expose the network to third party software used at home or for travel Complying with network rules and regulations enforced by the company From an enterprise stand point, the measures outlined above present several layers of security capable of significantly reducing the risk that spyware may represent for the organization. It is of our responsibility as employees to insure that these guidelines are followed as closely as possible. Conclusions and Recommendations Spyware is today a main security issue for the enterprise network. Due to its inherent facility for spreading, it is difficult to avoid altogether. As preventive measures evolve and as technologists grasp a better understanding of the evolution of the technology, it will also enable better tools to serve in the enterprise. The problem as presented in the report has many implications on a technological level, but also on the productivity and financial levels in a company; and therefore should be handled with utmost care and diligence. We presented the several measures that currently exist to combat this networking epidemic and their relevant capabilities on a stand-alone basis. It appears that the level of security required of a network depends mostly on the users, their usage of the network, and whether it contains critical or confidential information. From our analysis of methods employed in an organizational setting to address spyware infection, it appears that the safest solution is a hybrid of hardware and software methods that can significantly reduce the risks of infection. Similarly, an educated workforce is more apt at enforcing procedures that facilitate the guarantee of network integrity in the workplace. In a company such as ours where access to time-critical and confidential information is an essential aspect of our work, it seems adequate to implement a preventive strategy that can bring the highest level of security through educational, technological and policy control. Bibliography Australian Government 2005, Department of Communications, Information Technology and the Arts, Spyware Discussion Paper, online white paper, Available at: http://www.dcita.gov.au/__data/assets/pdf_file/25973/Spyware_discussion_paper.pdf Blue Coat Systems, Inc 2006, Spyware Prevention for the Enterprise, online whitepaper, Available at: http://www.bluecoat.com Check Point Software Technologies Ltd 2006, Neutralizing Spyware in the Enterprise Environment, online whitepaper Available at: http://www.visiontechnologiesinc.net/files/Integrity_AntiSpyware_wp%5B1%5D.pdf Cyber Security Industry Alliance (CSIA) 2006, Spyware: Get the Facts, online whitepaper, Available at: http://www.csialliance.org iS3 2006, Spyware and the Enterprise: The Problems, the Costs, the Solutions, online whitepaper, Available at: http://www.is3.com Mark, R., 2004, Spyware Sneaking into the Enterprise, online whitepaper, Available at: http://www.internetnews.com/security/article.php/3375661 National Cyber Security Alliance (NCSA) 2005, Spyware: The threat of unwanted software programs is changing the way people use the Internet, online whitepaper, Available at: http://www.pewinternet.org/pdfs/PIP_Spyware_Report_July_05.pdf Schultz, K., 2005, 'Countering Spyware In The Enterprise', Available at: http://www.techworld.com/security/features/index.cfmfeatureid=899 Sophos Plc 2007, Spyware: Securing Gateway and endpoint against data theft, online whitepaper, Available at: http://www.sophos.com Tipping Point 2007, Understanding and Preventing Spyware in the Enterprise, online whitepaper, Available at: http://www.tippingpoint.com/ Trend Micro, Inc 2005, Evaluating Effective Enterprise-Class Anti-Spyware Solutions: Benefits of a Multi-layered Approach, online whitepaper Available at: http://de.trendmicro-europe.com/global/products/collaterals/white_papers/WP03SPYE_050527US.pdf Wikipedia, the Free Encyclopedia 2007, Spyware, Available at: http://en.wikipedia.org/wiki/Spyware Read More