Apr 1 2004
For around half of British businesses the increasing volumes of unsolicited emails or spam they receive is a growing concern and in some cases has reached unacceptable levels. With 93% of UK companies using email as an important business communications channel (compared with 80% two years ago), any disruption or degradation of this service is a serious business issue. Yet, at the same time, the deployment of anti-spam tools is still not widespread
These are among the initial findings from the 2004 Department of Trade and Industry’s biennial Information Security Breaches Survey, conducted by a consortium led by PricewaterhouseCoopers. The full results of the survey will be launched at InfoSecurity Europe in London, 27-29 April.
Key findings from the survey of some 1,000 companies include:
• Nearly all UK businesses receive spam although the volume varies; overall around half reported it representing a noticeable, significant or large proportion of their incoming Internet email, with the figure for larger companies slightly lower;
• Some 17% of companies reported that spam made up more than 50% of emails received;
• But business is divided on the impact of spam – one in ten consider it a major issue, while a third don’t believe it is an issue at all;
•The use of tools to filter out spam before it reaches the intended recipient is not widespread in British companies with just 20% of businesses overall deploying this technology, although the figure for large businesses is more than double this (44%);
• In the case of smaller companies, it is possible that cost or lack of awareness of filtering technology is a factor in the low adoption rate, while among businesses in general, the feeling may be that the technology is not yet sufficiently mature;
• However, it is also true that businesses do not consider spam as being among their highest risks and so it may well be that wider adoption of filtering will only happen when spam starts to have a greater direct impact on business;
• Interestingly, the survey suggests that media attention on spam is greater than its impact on business, although this is likely to change because 55% of companies believe that spam volumes are rising, while just one in ten see them falling;
• While some of those companies polled thought spam was an isolated problem, others suggested that the visibility of email addresses to the outside world was the root cause because the vast majority of spam was directed at these users; others believed that Internet Service Providers should do more to choke spam at its source or that a levy should be applied to each email sent to deter mass mailing.
These findings are published in a fact sheet - ‘Spam’ - sponsored by Computer Associates.
Andrew Beard, the PricewaterhouseCoopers advisory services director involved in the survey, said:
“It looks as if the amount of spam hitting UK businesses is set to rise and is therefore likely to feature higher on the security risk agenda in the future. Companies need to be vigilant, therefore, and use a combination of tactical and longer-term measures to tackle the problem.
“Spam hits businesses in a number of ways – they can be victims when their email and network services are degraded, but they can also unwittingly contribute to the problem if they allow poorly secured mail servers to be used by the spammers as ‘relays’ to spread their messages to other organisations.”
Simon Perry, vice-president of security strategy for Computer Associates, added:
“Spam affects more than just productivity. It also has a dangerous side to it. Some can contain viruses or malicious active code. Without the adequate anti-virus protection, critical data can be compromised. Many companies now use anti-spam filtering solutions but these cannot protect against the associated risks alone. It is critical that anti-spam solutions work together with firewalls and anti-virus tools to ensure that there are no obvious holes in a company’s defences.”