Enterprise Spyware Threats Reach All-Time High

An industrywide survey shows that corporate networks are being bombarded with spyware infiltration in record numbers, but relatively few corporations are deploying adequate solutions to combat the threat.

The survey, conducted by Equation Research for Internet security firm Webroot Software, canvassed more than 275 IT managers and executives nationwide. The survey found that even as IT organizations spend more time fighting spyware, very few corporations are deploying corporate solutions against the growing threat.

According to the survey, more than 70 percent of corporations have expressed an increased concern about spyware, but less than 10 percent of businesses have adopted commercially available antispyware software.

The survey also showed that more than 96 percent of the respondents felt protected from outside threats using traditional antivirus and firewall solutions, yet nearly 82 percent report their desktops are currently infected with spyware, with more than a third noticing an increase in spyware infections in the last six months.

According to the Giant Spyware Research Center, more than 2 million Spyware threats were detected in the previous 30 days. Besides the risk to personal and corporate information, Spyware often causes computers to act sluggishly or crash. It causes a bandwidth drain on organizations as well.

Executive Cluelessness

Many Internet security experts say the problem with spyware infiltrating enterprise networks will get much worse before corporate executives come to grips with its severity.

“Protecting against spyware on enterprise computers will take a long time to fix,” Michael R. Higgins, managing director of TekSecure Labs, the network security division of Tekmark Global Solutions, told TechNewsWorld.

He said that most enterprise IT staffs mistakenly rely on the site blocking features of the firewall and antivirus software to protect their networks. Antivirus software won’t stop spyware.

“Most enterprise executives do not even know where the security perimeters of their networks are,” Higgins said. “Companies, by default, do nothing.”

Higgins views the enterprise spyware problem as like trying to put the whip cream back into the can.

According to Higgins, 80 percent of enterprise computer users do not know anything about spyware. He sees a big learning curve being followed before spyware awareness reaches the level that antivirus protection has finally reached.

“We finally got the enterprise sectors to know about virus protection. They are totally clueless about spyware infections,” Higgins said. “They won’t see the light at the end of the tunnel anytime soon.”

Taking Its Toll

Enterprise workers are exposed to spyware attacks on office computers the same as consumers are vulnerable on computers in their homes and small businesses. The problem is amplified in the enterprise network because of the large numbers of computer users.

Security experts said the tendency for corporations to react slowly is making the spyware intrusions more costly to eradicate. Higgins said the enterprise environment is generally taking six months from spyware discovery in a network to implement a solution. Richard Stiennon, Webroot vice president of threat research, said the lag time is closer to 18 months.

Meanwhile, much damage in lost productivity and exposure to stolen records occurs while corporations fiddle around searching for the best — or often cheapest — solution. The enterprise community now has to play catch up with security measures because corporate executives refuse to pre-invest in adequate protection to protect the network from intrusion from spyware, Stiennon said.

“Corporations are risking lost productivity and intellectual property to this rapidly growing threat by not deploying a comprehensive, enterprise-strength antispyware solution,” Stiennon said.

He said, “Companies need a solution with centralized management to ensure definitions are up to date and scans occur on a regular basis, advanced reporting capabilities to determine the exact nature and location of threats, and the tools to quarantine and remove these threats, all backed by dedicated technical support and threat research teams to offer the most comprehensive level of protection.”

Spyware Phases

According to Stiennon spyware attacks have followed three phases. From the enterprise standpoint, the early phases of spyware have not hit the pain point until recently.

The first phase involves ad tracking code slipped onto a user’s hard drive. This approach is more passive because it places one or more cookies on the hard drive. The cookies identify the visitor and contain secret code to send data about the user’s Web travels to another location.

Use of click-through coding is the second phase. It is a more active method because it requires the user to click on some part of the Web page (a banner, a graphic, etc.) to deliver the payload.

Installing hidden programs that steal user accounts and other business information from a computer is the third spyware phase. It is worse than previous methods because it is based on criminal activities by the spyware writers. These measures involve keylogging codes and special programs that sniff through networks looking for specific kinds of business data.

Stiennon said that spyware writers have invested heavily in corporate attacks since last year.

“There are 80 new spyware vehicles unleashed per week. This is twice the number of new viruses released into the wild,” Stiennon told TechNewsWorld.

Few Available Solutions

Security experts warn that antispyware programs that work for consumers on their home computers are ineffective on enterprise networks. Several software companies have developed enterprise-strength technology to protect business computers and the networks that tether them to the Internet.

At the present, the major companies that offer virus protection products to consumers and businesses do not have antispyware products. The process for blocking and removing spyware is much different than the signature-based methods used in antivirus programs.

However, insiders told TechNewsWorld that two of the leading antivirus software manufacturers are readying a product bundle that will protect users against both spyware and virus attacks.

Webroot’s Spy Sweeper Enterprise is a corporate antispyware solution that enables organizations to detect, manage and eradicate all forms of spyware. Spy Sweeper Enterprise helps companies mitigate spyware-related security risks, reduce mounting support requests, and reestablish computing and network performance.

The Webroot Corporate Spy Audit tool and the free trial of Spy Sweeper Enterprise are available for download from the Webroot Web site. The Corporate Spy Audit tool is located at http://www.webrootdisp.net/entaudit/start.php and the Spy Sweeper Enterprise trial download is currently available at http://www.webroot.com/entcenter/enterprise_trial.php.

TippingPoint has just added spyware protection to its UnityOne Intrusion Prevention Systems. “Spyware is a serious threat and most do not realize they are infected,” TippingPoint’s Chief Technology Officer Marc Willebeek-LeMair said. “By blocking Spyware at the network level, organizations gain the efficiency of one centralized solution that can increase uptime, optimize bandwidth and productivity, and proactively block Spyware threats.”