Risky Business - Greynets

We know very well that many security breaches occur due to simple human error. While most people know by now, not to write down passwords and/or leave their laptops unprotected, they may not know about a relatively new threat: greynets.

A new FaceTime study reports -

2007's Biggest Risk: Employees Undermining Corporate Security

The danger of this new breed of malware is compounded by the increasingly risky behavior of today's employees, who frequently introduce consumer greynet applications onto the corporate network– most often without the sanction of their IT department. The user is squarely at the cornerstone of enterprise security concerns, according to FaceTime's Second Annual Greynets Survey (October, 2006). The survey revealed that:

• Four in ten end users (39%) believe they should be allowed to "install the applications they need on their work computers," independent of IT oversight or policy.
• Fifty-three percent of end users report they "tend to disregard" company policies that govern greynet usage, specifically IM and peer-to-peer file sharing.
• Eight in ten IT managers are at locations that have experienced greynet-related attacks within the last six months
• The number of greynet applications installed on a typical enterprise network have increased dramatically; work locations where eight or more greynet applications are in use have doubled, growing from 20 percent of all locations in 2005 to 41 percent in 2006.
• Sixty percent of managers report that within the past six months, security attacks have been more likely to have invisible effects (like keyloggers) rather than outcomes apparent to the end user, such as a hijacked browser, making compromised PCs more difficult to detect.