Most Enterprises Unprotected Against E-mail Security Risks, Study Says
Given the prevalence of spam and the sensationalism that attends just about
any incident of unauthorized data leakage, you'd think most shops would
have taken steps to proactively protect against both threats.
According to a new survey from market watcher IDC -- sponsored by gateway security
specialist Secure Computing Corp. -- you'd be wrong.
The IDC study collected responses from 100 IT pros (including security decision
makers) employed by companies with 500 or more employees. It found that nearly
three-quarters (72 percent) of organizations don't have solutions in place
to prevent data leakage over e-mail.
What's more, IDC said, only slightly more than 10 percent of organizations
have actually deployed effective anti-spam technologies. "Organizations need
to increase their efforts in combating e-mail security risks," said Brian Burke,
IDC's program director for security products, in a prepared release. "While
organizations have expressed concern about inbound and outbound e-mail security,
their current solutions are not getting the job done. Only 11 percent of those
surveyed had adequate inbound protection, and over 70 percent have nothing in
place for data loss prevention on e-mail. Such organizations need to take advantage
of new solutions and delivery models."
Secure Computing markets a number of solutions to prevent such problems, but
the IDC survey doesn't discuss specific vendors. Instead, it touts general
technology prescriptions, such as cutting-edge anti-spam or data leakage prevention
For example, 85 percent of respondents say they're "Very Concerned"
or "Extremely Concerned" about data leakage over e-mail. In spite
of this, IDC found, just over a quarter (28 percent) of shops have actually
implemented technology solutions designed to safeguard against leakage -- although
more than half said they planned to do so starting next year.
The scope of the problem is probably much bigger than many IT pros realize.
According to IDC, the vast majority -- perhaps as much as 80 or 90 percent --
of data loss incidents are accidental. Most of the companies IDC surveyed seem
to agree, rating the risk of accidental data leakage as higher than that of
deliberate theft. Just 5 percent of respondents said they were "Extremely
Concerned" about intentional theft from within, while 44 percent admitted
being "Extremely Concerned" about accidental data loss.
According to IDC, more than a quarter (28 percent) of large shops say their
spam complaints have increased significantly this year. The reason, IDC said,
is that many of them rely on older technologies that can't keep pace with both
the increasing volume and sophistication of spam attacks.
The good news, according to the report, is that today's most sophisticated
tools can block almost 100 percent of unsolicited spam. The bad news, conversely,
is that just 11 percent of shops have deployed solutions (or implemented policies)
that meet this standard -- while nearly two-thirds (60 percent) say they can't
even block 95 percent of spam communications. Given the ever-escalating volume
and variety of spam, this means that more unsolicited e-mails, IMs and other
communications are getting through than ever.
IDC concludes with a technology prescription: "Organizations must accelerate
their adoption of next-generation e-mail security solutions. The cost of not
doing so is increased malware infection through spam and increased data leakage."
Stephen Swoyer is a Nashville, TN-based freelance journalist who writes about technology.