Spyware as Enterprise Achilles Heel

As IT departments battle trojans, viruses and worms, one particularly nasty critter is still finding myriad ways to slither onto enterprise PCs.

For the most part, organizations are blind to it," said Forrester analyst Michael Rasmussen. "They focus on viruses and don't think about the danger that spyware represents. Because of this, I think it'll get worse before it gets better."

In a nutshell, spyware is defined as any technology that helps gather information about a person or organization without their knowledge. It can infiltrate a computer through a virus or, more often, as the result of a user's decision to install a new program or download a file from the Internet.
Some spyware programs are relatively benign, used only to monitor people's Web surfing habits and send that information back to marketing companies. These particular programs are usually termed adware, and marketers are keen to distance them from their more malicious kin. Other types of spyware programs may be deliberately installed, often by bosses who want to make sure their employees are not wasting time.

The most dangerous form of spyware is the kind that invades a computer system, tracks users' keystrokes and then delivers that data back to someone who wants to do harm. If keystrokes are recorded, for example, a spyware author could gain access to corporate passwords, credit card numbers, e-mails and other sensitive documents.
Rasmussen noted that this type of spyware is far more prevalent than enterprises may think. "The threats are very significant," he said. "It's a huge problem."

Spy Network
Although spyware has been around for years, some analysts believe the problem is worsening.
Yankee Group senior analyst Eric Ogren said that the spyware threat is growing because of the mobility of today's workforce.
"Enterprises are extending their networks out, so you see laptops being hooked up to hotel networks and workers using their home PCs," he said.

If security is lax for laptop machines and home networks, spyware can gain a foothold and begin recording data. As Ogren noted, "Companies aren't doing as much as they should to stop this problem from spreading."