What risk can P2P bring to a company’s security?
Using peer-to-peer file transfers presents a high potential of data leaks nowadays, and IT organizations are addressing more and more this issue. As security analysts inform only 60% of the companies have taken into care to monitor the use of file-sharing programs and many organizations block P2P reviews. However, it’s notable and surprising at the same time that a lot of them keep on being ignorant of any policies concerning these P2P clients.
This issue got full attention back in 2007 when a former employee of Citigroup's ABN AMRO mortgage group leaked private information of 5,000 people through a P2P messaging network. The great pharmaceutical corporate Pfizer went through the same ordeal when owing to a P2P application confidential data of 17,000 people were disclosed. These P2P applications are quite often used by cyber hackers for theft identification.
Researchers warn that even if such a company doesn’t allow using such networks the employees may pay no attention to it. To this it adds that the peer-to-peer networks are usually created to evade firewalls and go over Port 80 instead of other monitored ports. Many times P2P users are employees at work who just want to gain from having a high bandwidth. Even for those companies which have put security measures in place, there is still good chances that data might be disclosed from their internal corporate IP range because P2P is very good at getting around IT security measures.Also files coming across P2P can be disguised to look like legitimate MP3s but might instead be Trojans.All the more spyware and viruses transmitted via P2P file sharing can spread very rapidly and widely among users and thus can do considerable damage to the company.
In spite of the high rate of data leaks owing to p2p usage there are still solutions to be implemented. However, currently most of the DLP tools existing are just monitoring the P2P because to ban it totally could mean to block legitimate business as well. If the DLP solution would be well-configured it could resolve the problem of P2P leaks, but most organizations do not opt for it. On the other hand, the highest rate of danger for companies as in 40 to 60 % of the confidential files leaked via P2P file-sharing networks come from sources outside the corporate perimeter, such as suppliers, contractors, attorneys, partners, and employees working from their home or somewhere else, situations which, to be honest, a company has virtually next to no chance to control. Hence, the need for companies to center their attention more on these extended or external aspects and develop their security approach around them.
