A survey of U.S. organizations found that almost half sustained data breaches due to spam emails, while most said their anti-spam solutions were marginally effective.
Email spam continues to be a major problem for many U.S.
businesses, with almost half saying that theyve experienced data breaches due
to employees clicking on malicious links and 70 percent saying that their
anti-spam solutions are marginally effective at best, according to a survey released
March 1 by security software company GFI Software.
In the survey, 44 percent of respondents said their
organizations had sustained a data breach due to spam email, and another 6
percent were unsure if theyd been breached. Fifty-two percent said the volume
of spam flowing into their organizations had grown over the past year, while
another 32 percent said it remained the same. Seventy-two percent of
respondents said they receive too much spam.
The results indicate that spam will continue to be an ongoing
problem that harbors significant risks for businesses, according to Phil
Bousfield, general manager of GFIs Infrastructure Business Unit.
"This research shows that the spam problem is not going
away, and in fact, the delivery of malicious links and files makes it more
dangerous than ever before," Bousfield said in a statement, adding that
dealing with the increasing number of dangers lurking in emails is becoming an
increasingly onerous chore of IT professionals. "The increasing volume of
email-borne threatscoupled with an organization's need to balance security and
infrastructure costsis a growing burden on IT administrators looking to find
the optimum and most cost-effective approach to email security."
Spam has been a problem for years, as attackers have used it
as a way of breaching corporate networks. However, some researchers have found
that the amount of spam has decreased over the past few years, with some
cyber-criminals opting instead for more targeted attacks on specific corporate
The GFI study, conducted by Opinion Matters, showed concern
among businesses regarding spam is still high. Opinion Matters surveyed 202 IT
decision makers at U.S. companies that had five to 1,000 employees.
According to the survey, the key concern among companies
regarding spam was that it could contain malicious links or files that, if
opened, could compromise the corporate network. Twenty-nine percent of
respondents noted that as their top concern, even as 90 percent of them said
that on a regular basis, they educate employees about the risks of open spam
The second-largest concern for companies was the threat of
phishing attacks posed by spam, according to the GFI survey.
The study also found high levels of dissatisfaction with
their anti-spam solutions. According to the results, 48 percent of the
respondents said their companies rely on the anti-spam capabilities of their
antivirus solution to help block spam. Another 20 percent use a software
solution, while 14 percent use a cloud-based solution to filter email. Eleven
percent use an anti-spam gateway appliance.
Few companies said they were satisfied with the results.
Sixty percent said their solutions were marginally effective; another 10 percent
said their solutions were not effective at all.
Bousfield argued that many companies were not leveraging all
the anti-spam capabilities that are available to them. He argued that
businesses should take a multi-layered approach to email security and anti-spam
efforts, which includes both on-premise and cloud-based solutions. Most
companies rely on the anti-spam component of their antivirus software,
including 67 percent of businesses with 50 to 99 employees. Such a reliance on
a single solution is not effective, he said.
"Businesses need to respond by taking advantage of all
the latest spam-fighting technologies available to them, Bousfield said. The
most effective way to stop spam is to employ a multi-layered defense that
encompasses on-premise and cloud-based anti-spam solutions."