8 May, 2008
By Vanessa Ho

According to Webroot's "State of Internet Security: Protecting Business Email" report, it estimated that in 2008, there will be over 42,000 spam e-mails for every single business e-mail account, or about 116 per day and that these threats are severely impacting businesses around the world.
"We don't expect to contain [spam] as long as people can make money off it," said Peter Watkins, CEO of Webroot. "[Security] tools have not kept up with the nature of [these] attacks."

Webroot found that more than half of the 1500 people surveyed experienced spyware and virus attacks via e-mail and over 40 per cent experienced a phishing attack. Additionally, about one out of five organizations reported that sensitive online transactions were threatened and confidential information was compromised as a result of spam and over 60 per cent of respondents had at least one e-mail outage in 2007. One out of three survey respondents said that the hourly cost of an e-mail outage was over $1,000.

One of the findings of the report noted that individual e-mail users opened messages before realizing they were spam, opened messages in junk folders and even made purchases from e-mails marked as spam.

Even though people have been told not to click on any e-mails messages from senders they do not know, Watkins said that sometimes those e-mails are too irresistible not to.

"We can control a lot of spam if people didn't open them but there [will always be] something that happens to intrigue them and they take a chance on it. It is human behavior and also social engineering."

He added that all the education in the world won't stem the tide of spam and a number of upcoming events like the U.S. presidential election and the Beijing Olympic Games will only make it harder for people not to click on those spam messages.

Another finding was that one out of three organizations reported employee misuse of e-mail resources.

Webroot also discovered that less than a third of organizations surveyed had key employee e-mail security policies in place and that less than half of companies with more than 100 computers had policies in place to restrict employees' personal e-mail use.

Watkins said the reason why many organizations had not placed any sort of e-mail security policies was that a stratification exists between very large companies and small companies as well as ones in the middle where the large companies have the expertise in-house and have the resources to handle such policies but smaller organizations of 200 or 500 people will have a fewer IT people and security would be a part time aspect of their job.

"It is not something they spend tremendous amount of time on and people tend to wait until something becomes a problem before they react. The smaller companies are overwhelmed by those kinds of attacks and they just don't have the time or resources to present that enterprise-class defense against these attacks," explained Watkins.

He added that because smaller organizations can't spend the time and the resources to defend themselves that they will be compromised in such a way that they will not be aware of it and end up putting themselves in dire risk for both customer data and financial loss.

Watkins advised that small- and medium-sized businesses look for outside help by finding the right channel partners who can help them put in good basic policies.

"That is absolutely essential first and foremost," he added. "Second of all is to look for a set of tools that would provide enterprise-class capability without the enterprise-class manageability headaches and doing at the budget small businesses can afford. We believe that SaaS is the right approach that accomplishes those latter goals."

Reprinted by permission of Integrated mar.com (integratedmar.com), EchannelLine © Copyright 2008 Integratedmar.com Corporation.