Enterprise Instant Messenger: Step One to Avoiding the Blended Attack
The enemy is getting smarter. Sure, you want to keep your employees productive, but where is the line between productivity and allowing them to fall victim to the latest “blended” attacks being manufactured by malware authors. As we’ll discuss, an enterprise instant messenger may be one of the smartest moves you can make.
The problem
Dr. Paul Judge of Purewire, Inc. – a web security firm – posits that the new form of attack comes from an invitation from a friend to a website where malware is exploiting a browser issue. This is what he calls a “blended attack.” The primary delivery is to contact a victim through email or instant messenger. Strike up a conversation, and lead them to a video page or other site where a download is required.
For example, we’ve all been prompted to “Update your Adobe Flash Player” and mindlessly click OK. This scenario has been handcrafted to draw in a web user and deliver software of some sort.
Dr. Judge points out that you cannot try to possibly prevent your users from visiting every possible website, so URL filtering is out of the question. Even the best lists only contain 60 million sites that are blacklisted, but Judge points out that Google has over a trillion sites indexed! That’s a significant gap!
Beating the blended attack
One of the best ways to prevent your employees from being exploited is to remove communication with the outside world through an enterprise instant messenger. If an attacker can never communicate with your employees, then the blended attack can never be launched.
By limiting who your employees can talk to, you are that much more likely to avoid them having a conversation with someone bent on exploiting them. Public instant messengers do not give you the required privacy and control to prevent such attacks.
Did you enjoy this post? Why not leave a comment below and continue the conversation, or subscribe to my feed and get articles like this delivered automatically to your feed reader.
Comments
No comments yet.
Leave a comment