FaceTime Communications and market research firm NewDiligence, today reported results of their annual survey: Employee Use of Greynets: 2nd Annual Survey of Trends, Attitudes and Impact.
The study confirms that employees are continuing to download and use unsanctioned applications to gain new business productivity advantages, while IT managers confirmed greynets continue to be dangerous if left unmanaged and can introduce significant risks to the business.
In October 2006, data was collected in a survey of more than 1,100 employees (end users) and IT managers to determine the impact that greynet applications have on enterprises, small and medium sized businesses. Greynets – real-time communications applications that are often introduced by end users and use highly evasive techniques to traverse the network – pose myriad network and information security risks because they provide vectors for malware, intellectual property loss, identity theft and compliance risks.
While some greynets such as Web conferencing, Web browsing, IM and Skype(TM) have legitimate business uses, IT needs visibility and control to ensure their safe and productive use. Still others such as P2P file sharing, video streaming, and anonymizers can pose further consequences to the organization. All these new, real-time collaborative applications can be evasive on the network, often circumventing traditional security infrastructure that was designed for email and standard Web traffic.
Results of the survey show that more users are adopting greynet applications while, at the same time, little progress has been made toward combating greynet-related attacks. Eighty one percent of IT managers reported greynet-related attacks within the last six months, about the same rate as one year ago. The most common attacks continue to be from spyware and adware (75 percent), viruses and worms (57 percent), other malware (22 percent) and rootkits and keyloggers (22 percent). Further, the required repair and remediation as a result of these attacks is costly. A typical organization is estimated to spend nearly $130,000 per year on average to repair damage from greynet-related attacks, while the largest companies are estimated to spend upwards of $350,000 per year repairing damage from greynet-related attacks due to higher incident rates.