Home / Gartner Group warns enterprises of inherent security threat of IM

Gartner Group warns enterprises of inherent security threat of IM

Businesses advised to subject instant messenger platforms to same security restrictions as e-mail, and to rapidly apply patches.

Gartner Group is warning enterprise organisations to reassess the use of Instant Messenging (IM) platforms in the enterprise due to security reasons. At the start of May, Microsoft issued a patch for a vulnerability in the Chat Control component included in its MSN Messenger software. However, this is merely the latest in a string of security incidents surround free IM platforms.

The Microsoft security hole allows an attacker to execute code on the target machine. An attack is likely come from some future worm, or self-propagating virus.

“Instant messaging (IM) platforms have had vulnerabilities before, but attacks required the user to take some action ‘Go to this cool site’. This new vulnerability raises the spectre of a destructive self-propagating worm that could have several ‘heads’ exploiting various paths, one of which would be MSN Messenger,” states a Gartner Group report.

Although IM potentially increases productivity between workers in and between enterprises, allowing IM traffic through the corporate firewall can create a serious security threat.

“The inherent weaknesses in both the software and infrastructure of the major free IM providers – [such as] AOL Time Warner, Microsoft and Yahoo - create significant risk for enterprises allowing IM traffic through the enterprise firewall,” says the Gartner report.

Gartner Group has issued a number of security recommendations to enterprises, including saying on top of the recent spate of security alerts and the rapid application of patches as and when they become available. Also, IM should be subjected to the same security measures as e-mail.

Long term, organisations should also investigate the possibility of using enterprise-controlled IM and presence servers, which will offer better security than free public services.

“When choosing between competing IM systems, enterprises should heavily weight the security of the code,” adds the report.”

Follow us to get the most comprehensive technology news in UAE delivered fresh from our social media accounts on Facebook, Twitter, Youtube, and listen to our Weekly Podcast. Click here to sign up for our weekly newsletter on curated technology news in the Middle East and Worldwide.

REGISTER NOW | Webinar Event | Security you can bank on – Safeguarding the Middle East’s financial sector

Presented in partnership with security and network specialist Cybereason, the second in the three part webinar series will bring together a panel of experts to discuss how banks and financial institutions are evolving their service offering while simultaneously staying one step ahead of the cyber criminals who seek to bring their operations crashing to the ground.