Webroot Research Finding: Rapidly Growing Email Security Threats
April 2008 by Webroot Software
Webroot released its latest research report, "State of Internet Security: Protecting Business Email." The report reveals the significant impact that rapidly growing email security threats, in size and volume, are having on businesses worldwide and underscores the need for a multi-layered approach to Internet security.
"The battle against spam is an on-going struggle for many organisations with spammers continuing to present a serious and costly threat to most businesses. In 2008, we estimate there will be over 42,000 spam emails for every single business email account, or about 116 per day. And, because spammers are working at beating conventional filters with images and attachments, the size of spam has grown 60 percent since 2004," said Mike Irwin, COO, Webroot. "The size and volume of these spam attacks is largely due to the partial success of current filtering defenses that now make spamming success a numbers game. It’s clear why first-generation defenses such as appliances and server-based software are struggling to keep up."
Along with the rapid growth in spam, there is a similarly rapid growth in malware. Industry research shows that malware jumped from about 50,000 variants in 2004 to 5.5 million in 2007. Webroot research found that spam has become a significant vector of attack for deploying these new malware variants. But, while companies are seeing an increased malware threat to their email, they are still using it to gather and exchange vital customer and employee information such as credit card numbers and other confidential financial data. About one out of five businesses that responded to the survey experienced a threat to sensitive or confidential online information last year underscoring the growing need for securing and storing business email.
"Huge amounts of spam and malware can easily overwhelm the networks of small and mid-size businesses and, in some cases, even small countries. In our survey, more than half of the respondents said that they suffered spyware and virus attacks via email," added Irwin. "Because existing defenses are getting over-run, large numbers of companies are increasingly losing important data. Spam is growing in relation to the importance of email as a business communications tool. As a result, companies and organisations need defenses that can quickly and easily scale to exceed the demand."
In the "State of Internet Security: Protecting Business Email" report, Webroot studied email-related threats and the latest methods to protect business email. Webroot surveyed approximately 1,500 email security product decision-makers in companies across seven countries: Australia, Canada, France Germany, Japan, the United Kingdom and the United States.
Key Findings at a Glance:
Email is Business Critical
* According to IDC, over 6.62 trillion business emails will be
exchanged in 2008;and,
* Three-fourths of Webroot survey respondents rely on email for communicating with customers and providing customer support.
Risks to and from Email are Prevalent
* More than half surveyed experienced spyware and virus attacks
via email and over 40 percent experienced a phishing attack;
* About one out of five organisations reported that sensitive online transactions were threatened and confidential information was compromised as a result of spam;
* Over 60 percent of respondents had at least one email outage in 2007; and
* One out of three survey respondents said that the hourly cost of an email outage is over $1,000.
Employee Behavior Increases Email Security Risks
* Individual email users open messages before realising they are
spam, open messages in junk folders and even make purchases from emails
marked as spam;
* The 2007 eCrime Watch report found that current employees were second only to hackers as groups that pose the greatest cyber security threat to organisations; and
* One out of three organisations reported employee misuse of email resources.
Few Companies Have Protective Policies in Place
* Less than a third of organisations surveyed have key employee
email security policies in place; and,
* Less than half of companies with more than 100 computers have policies in place to restrict employees’ personal email use.
The State of Internet Security report is issued quarterly as an in-depth review and analysis of the most critical computer and data security-related concerns. Each report focuses on a specific aspect of information security, and provides industry data, trends and best practices in light of the threat landscape.