by Dan Warne
SIMON Richardson, the technical and communications manager at Mercy Health and Aged Care, thought he had spyware under control. At a cost of $22,000 annually, he'd purchased WebSense internet monitoring for a company internet gateway, blocking spyware from being downloaded into company PCs.
"That was until a puzzling case of one of our laptops recently coming back loaded with spyware," he says.
"We realised staff were taking laptops home and connecting them to their home broadband, outside our filtered internet environment. That's how the spyware got in."
Security consultants say spyware control isn't as simple as virus control and companies in Australia are frequently facing similar scenarios as they work to develop multi-pronged approaches to the problem.
Broadly defined as hidden applications that illicitly gather information about a user, spyware poses two main risks: leakage of intellectual property such as company documents, and theft of network security identities, according to Betrusted security consultant Andrew Probert.
"It wouldn't be alarmist to say that anyone who could gather legitimate network IDs using spyware could become a financial controller for the day and write themselves company cheques," Probert says.
Minter Ellison technology group chief Oliver Barrett says the risk posed by spyware goes right to the top and company directors can be held personally liable for security breaches caused by spyware.
"Most directors and senior officers of large corporations are woefully ignorant on the topic, and yet they're responsible for the operations of the business, including network security," Barrett says.
There is little distinction in law between a company employee emailing confidential customer records to a member of the public, and spyware doing it without their knowledge.
A staggering 92 per cent of US-based IT managers say their desktop fleets are compromised by spyware, according to a recent Web@Work survey, commissioned by internet monitoring vendor WebSense.
In contrast, only 6 per cent of end users say they are affected. WebSense says the disparity highlights an urgent need for better employee education about the risks of spyware.
Security consultants admit that once spyware is installed on desktop PCs it is difficult to remove without technicians manually running removal tools on each PC.
"Prevention is easier," Probert says.
Major antivirus vendors now include spyware detection in their antivirus offerings, but admit there is still much work to be done.
Symantec Asia-Pacific enterprise sales manager David Sykes says the specialist anti-spyware tools still work better at this stage.
"They work it as a niche area and keep their signatures more up to date than we can," he says.
Symantec advises companies to run managed desktop firewall software alongside antivirus software at the individual PC level.
"Hardware firewalls at a gateway level generally focus on stuff coming in, but to mitigate the risk of spyware you also have to control stuff going out," Sykes says.
Business-grade spyware removal products are slowly appearing, including WebRoot SpySweeper Enterprise, which has a network-wide management interface, and Websense Enterprise Client Policy Manager, which allows IT managers to prevent individual programs from running on all company PCs at once.
Source: Australian IT
Leave a comment