Unsolicited E-mail Tops List of Intrusions

Spam edges out viruses; legal threat rises

Unsolicited e-mail (spam) now surpasses software viruses as the number-one source of unwanted network intrusions. That’s according to a security survey of 400 network professionals released by Sunbelt Software in Clearwater, Fla., and analyst firm Yankee Group in Boston.

The program has hit 82 percent of organizations, whereas 74 percent of organizations say they’ve been hit by computer viruses.

Offers of discounted, prescription aphrodisiacs and adult entertainment go beyond the annoying—about a quarter of organizations worry such spam will open the company to future lawsuits. Worse, almost three-quarters of respondents say spam noticeably impacts network bandwidth.

“This survey clearly shows that spam has developed into a real issue for corporate America,” says Laura DiDio, a Yankee Group senior analyst.

Still, viruses remain potent—of the 52 percent of companies that reported a security breach within the past year, 46 percent of them traced the chief culprit to viruses.

Given the ongoing threats, and despite mostly ranking security as a high priority, companies—thanks to the poor economy—mostly don’t have additional resources to bring to the fight. At 46 percent of companies, stagnant security budgets in the last year are the rule. While 41 percent of respondents will increase their security budget, it will be by less than 10 percent.

Other survey trends also echo commonly known trends (see “CSI/FBI Report: Losses Down, Vulnerabilities Up”—http://info.101com.com/default.asp?id=1705). In the past year, 51 percent of organizations suffered a security breach, and a distributed denial of service attack hit 26 percent of respondents. While 16 percent of organizations reported external hacks, internal attacks are also appreciable—4 percent say a current employee hacked the network. Ex-employees remain a threat too, with 2 percent of organizations getting hacked by former workers.

About the Author

Mathew Schwartz is a Contributing Editor for Enterprise Systems and is its Security Strategies column, as well as being a long-time contributor to the company's print publications. Mr. Schwartz is also a security and technology freelance writer.