June 8, 2015 By Jaikumar Vijayan 2 min read

Strict enforcement of acceptable use policies (AUPs) can dramatically reduce risk to corporate data, a new report by Israeli security firm Allot Communications shows.

The report is based on an analysis of data collected by Allot over a five-month period between November 2014 and April 2015. The information came from large enterprises and from service providers who provide Internet connectivity to small and medium businesses.

Doing an End Run Around AUPs

The data showed that much of the traffic blocked on corporate networks came from users attempting to access Web applications and services that were prohibited by their employers. Allot discovered that almost 92 percent of blocked Web traffic stemmed from employees trying to use social networks, online file-sharing services, consumer instant messaging tools and anonymizing services at work in violation of corporate AUPs. Just 8 percent of traffic was blocked because it contained malware.

Allot discovered that just having an AUP in place does not discourage employees from trying to work around it anyway. On average, employees in the study tried to access social networks more than six times per day, with Facebook being the most common attempted destination. Additionally, Allot counted an average of 1.5 attempts per day by employees to access sites containing content inappropriate for the workplace, such as gaming and dating sites.

Threats to Corporate Data

Traffic from employees using or trying to use prohibited instant messaging services was blocked 10 times more frequently than other Web content because of a relatively high prevalence of malware. Interestingly, Allot’s data analysis showed that employees use anonymizing services on enterprise networks to access websites and conduct transactions without revealing too much information. When compared to regular Web traffic, this anonymized traffic is blocked far more frequently because of potentially malicious content.

The results highlighted the risks to corporate data posed by employees attempting to access applications outside of the business’s policy, said Yaniv Sulkes, assistant vice president of marketing at Allot, in comments to Security Intelligence. Many of the commonly accessed Web applications — such as instant messaging, file storage, social networking applications and anonymizers — pose risks that may not be readily apparent, he said.

High-Risk Web Application Categories

Both social networking sites and instant messaging applications can be used for file sharing. Many of the file types prevalent on social media networks are also highly susceptible to malware, Sulkes said. In fact, 30 percent of the blocked malware in the Allot study came via JavaScript files, while 20 percent was courtesy of image files like .jpg, .png, .gif and .ico, he said. Employees can even use online storage services like iCloud and Dropbox to store sensitive corporate data right alongside personal information.

Similarly, the use of anonymizing services by employees can pose substantial risks to enterprise data, the report noted. Employees need to install software on their client devices in order to use an anonymizer. The software creates a virtual proxy that connects to a proxy network or public proxy server. The tools can be used by employees to evade enterprise firewalls and access Web accounts or services that are not permitted. From its study, Allot discovered that an average of 58 attempts are made per day to access anonymizer applications and related tools from within small and medium businesses.

Such trends highlight the need for companies to not just have AUPs, but also a way to enforce them, Sulkes said. Rather than focusing on perimeter-centric tools, enterprises need to be thinking about application-specific controls for mitigating risks posed by inappropriate use of risky Web applications in the workplace.

More from

IBM identifies zero-day vulnerability in Zyxel NAS devices

12 min read - While investigating CVE-2023-27992, a vulnerability affecting Zyxel network-attached storage (NAS) devices, the IBM X-Force uncovered two new flaws, which when used together, allow for pre-authenticated remote code execution. Zyxel NAS devices are typically used by consumers as cloud storage devices for homes or small to medium-sized businesses. When used together, the flaws X-Force discovered allow a remote attacker to execute arbitrary code on the device with superuser permissions and without requiring any credentials. This results in complete control over the…

What cybersecurity pros can learn from first responders

4 min read - Though they may initially seem very different, there are some compelling similarities between cybersecurity professionals and traditional first responders like police and EMTs. After all, in a world where a cyberattack on critical infrastructure could cause untold damage and harm, cyber responders must be ready for anything. But are they actually prepared? Compared to the readiness of traditional first responders, how do cybersecurity professionals in incident response stand up? Let’s dig deeper into whether the same sense of urgency exists…

Unified endpoint management for purpose-based devices

4 min read - As purpose-built devices become increasingly common, the challenges associated with their unique management and security needs are becoming clear. What are purpose-built devices? Most fall under the category of rugged IoT devices typically used outside of an office environment and which often run on a different operating system than typical office devices. Examples include ruggedized tablets and smartphones, handheld scanners and kiosks. Many different industries are utilizing purpose-built devices, including travel and transportation, retail, warehouse and distribution, manufacturing (including automotive)…

Stealthy WailingCrab Malware misuses MQTT Messaging Protocol

14 min read - This article was made possible thanks to the hard work of writer Charlotte Hammond and contributions from Ole Villadsen and Kat Metrick. IBM X-Force researchers have been tracking developments to the WailingCrab malware family, in particular, those relating to its C2 communication mechanisms, which include misusing the Internet-of-Things (IoT) messaging protocol MQTT. WailingCrab, also known as WikiLoader, is a sophisticated, multi-component malware delivered almost exclusively by an initial access broker that X-Force tracks as Hive0133, which overlaps with TA544. WailingCrab…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today