Last week, Akonix issued an instant messaging threat report that showed that the company tracked nine new malicious code attacks directed against IM systems during November, in addition to 12 new attacks on peer-to-peer (P2P) file-sharing networks. While this number is lower than the monthly average for 2007, the threats reveal greater criminal intent on the part of their authors. Similarly, FaceTime announced that in the third quarter of 2007, the company detected 279 IM and P2P threats, down slightly from the second quarter's total of 317 incidents.
These reports reveal how dangerous unfettered IM and P2P use remains in most organizations. While an increasing number of IT managers are cognizant of the consequences of doing nothing about the widespread use of consumer-oriented IM in the workplace, not enough are aware of the risks or are doing anything about them.
So, what should you do? There are actually four things you can do, each of which has various benefits and costs:
1. Do nothing. Clearly, this has the advantage of the lowest cost, but it also carries the greatest risk, since your networks remain very much exposed to IM and P2P threats.
2. Deploy policies that prevent IM use. Again, the cost is virtually zero, but the benefits will be approximately the same.
3. Implement an IM hygiene solution that will scan network traffic for IM and P2P and take appropriate action, such as preventing file-sharing, scanning for malicious code, etc. The cost is much higher than doing nothing, but so are the benefits.
4. Implement a true enterprise IM system. The cost is likely to be higher still, but the benefits will be that IM threats are minimized because of the built-in security of these solutions, and your company will be standardized on a single, enterprise-grade solution.
The bottom line is that IM and P2P threats are real and they must be addressed.