Enterprises Paying Heavily for Greynets, Warns FaceTime

IT managers interviewed in September 2007 said the average annual cost of repairing PCs with damage due to use of greynets increased to nearly $289,000 from approximately $130,000 estimated a year ago, according to FaceTime's third annual report on security costs related to the use greynets.

Greynets, which signify real-time user-centric communication applications, like Skype, P2P, VoIP and instant messaging, secretly downloaded by the users without involving IT staff, could negatively impact network and information security as they provide room for malevolent programs, loss of intellectual property, identity pilfering and compliance issues. Some greynets do have business uses, but it is essential to make them visible for appropriate use under IT control.

Officials of FaceTime, which supports and/or has partnerships with enterprise and public IM network providers, subsuming Microsoft, AOL, Google, IBM, Yahoo!, Skype, Jabber, and Reuters, say it is clear that greynets are spreading in enterprises. The survey included responses from over 700 workers and IT managers in the UK and North America. The respondents reported a hike in the volume of greynets together with the cost of tackling the security threats.

According to the security company's report entitled "Use of Greynets: 3rd Annual Survey of Trends, Attitudes and Impact", 99 % of IT managers confirmed having at least one greynet in use at their business, although there were an average of nine greynets in use within each of the surveyed enterprises using security tools.

The greynets, as IT managers said, are the ones they happened to know about. About 80% of the enterprises studied reported security incidents caused by greynets. On average, FaceTime says, IT managers face almost 60 such incidents every month. The greynet-induced incidents warrant measures to remedy end-user machines, each requiring approximately ten hours for repairing.

In its report on October 16, 2007, eWeek quoted Frank Cabri, Vice President of product management and marketing at the Belmont, a California-based company, saying that the characteristics that all those applications have in common (sic) is that they're very evasive on the networks. The official added that they are very good at circumventing existing security infrastructure.

Related article: Enterprising Hackers Commercialize Their Activities

» SPAMfighter News - 11/1/2007