Email spam continues to be a major problem for many U.S. businesses, with almost half saying that theyve experienced data breaches due to employees clicking on malicious links and 70 percent saying that their anti-spam solutions are marginally effective at best, according to a survey released March 1 by security software company GFI Software.
In the survey, 44 percent of respondents said their organizations had sustained a data breach due to spam email, and another 6 percent were unsure if theyd been breached. Fifty-two percent said the volume of spam flowing into their organizations had grown over the past year, while another 32 percent said it remained the same. Seventy-two percent of respondents said they receive too much spam.
The results indicate that spam will continue to be an ongoing problem that harbors significant risks for businesses, according to Phil Bousfield, general manager of GFIs Infrastructure Business Unit.
"This research shows that the spam problem is not going away, and in fact, the delivery of malicious links and files makes it more dangerous than ever before," Bousfield said in a statement, adding that dealing with the increasing number of dangers lurking in emails is becoming an increasingly onerous chore of IT professionals. "The increasing volume of email-borne threatscoupled with an organization's need to balance security and infrastructure costsis a growing burden on IT administrators looking to find the optimum and most cost-effective approach to email security."
Spam has been a problem for years, as attackers have used it as a way of breaching corporate networks. However, some researchers have found that the amount of spam has decreased over the past few years, with some cyber-criminals opting instead for more targeted attacks on specific corporate networks.
The GFI study, conducted by Opinion Matters, showed concern among businesses regarding spam is still high. Opinion Matters surveyed 202 IT decision makers at U.S. companies that had five to 1,000 employees.
According to the survey, the key concern among companies regarding spam was that it could contain malicious links or files that, if opened, could compromise the corporate network. Twenty-nine percent of respondents noted that as their top concern, even as 90 percent of them said that on a regular basis, they educate employees about the risks of open spam emails.
The second-largest concern for companies was the threat of phishing attacks posed by spam, according to the GFI survey.
The study also found high levels of dissatisfaction with their anti-spam solutions. According to the results, 48 percent of the respondents said their companies rely on the anti-spam capabilities of their antivirus solution to help block spam. Another 20 percent use a software solution, while 14 percent use a cloud-based solution to filter email. Eleven percent use an anti-spam gateway appliance.
Few companies said they were satisfied with the results. Sixty percent said their solutions were marginally effective; another 10 percent said their solutions were not effective at all.
Bousfield argued that many companies were not leveraging all the anti-spam capabilities that are available to them. He argued that businesses should take a multi-layered approach to email security and anti-spam efforts, which includes both on-premise and cloud-based solutions. Most companies rely on the anti-spam component of their antivirus software, including 67 percent of businesses with 50 to 99 employees. Such a reliance on a single solution is not effective, he said.
"Businesses need to respond by taking advantage of all the latest spam-fighting technologies available to them, Bousfield said. The most effective way to stop spam is to employ a multi-layered defense that encompasses on-premise and cloud-based anti-spam solutions."