Most Enterprises Unprotected Against E-mail Security Risks, Study Finds

Only 10 percent of organizations are actually using effective anti-spam technologies

Given the prevalence of spam and the sensationalism that attends just about any incident of unauthorized data leakage, you’d think most shops would have taken steps to proactively protect against both threats.

According to a new survey from market watcher IDC -- sponsored by gateway security specialist Secure Computing Corp. -- you’d be wrong.

The IDC study collected responses from 100 IT pros (including security decision makers) employed by companies with 500 or more employees. It found that nearly three-quarters (72 percent) of organizations don’t have solutions in place to prevent data leakage over e-mail.

What’s more, IDC says, only slightly more than 10 percent of organizations have actually deployed effective anti-spam technologies. “Overall, … organizations need to increase their efforts in combating e-mail security risks,” said Brian Burke, IDC’s program director for security products, in a prepared release.

“While organizations have expressed concern about inbound and outbound e-mail security, their current solutions are not getting the job done. Only 11 percent of those surveyed had adequate inbound protection, and over 70 percent have nothing in place for data loss prevention on e-mail. Such organizations need to take advantage of new solutions and delivery models.”

Secure Computing markets a number of solutions to prevent such problems, but the IDC survey doesn’t discuss specific vendors. Instead, it touts general technology prescriptions, such as cutting-edge anti-spam or data leakage prevention tools.

For example, 85 percent of respondents say they’re “Very Concerned” or “Extremely Concerned” about data leakage over e-mail. In spite of this, IDC found, just over a quarter (28 percent) of shops have actually implemented technology solutions designed to safeguard against leakage -- although more than half said they planned to do so starting next year.

The scope of the problem is probably much bigger than many IT pros realize. According to IDC, the vast majority -- perhaps as much as 80 or 90 percent -- of data loss incidents are accidental. Most of the companies IDC surveyed seem to agree, rating the risk of accidental data leakage as higher than that of deliberate theft. Just 5 percent of respondents said they were “Extremely Concerned” about intentional theft from within, while 44 percent admitted being “Extremely Concerned” about accidental data loss.

Spam has been such a big problem for such a long time -- and (for almost as long) has been identified as a prime vector for malicious attack -- you might think that most (if not all) organizations would already have a handle on it. You’d be wrong, however. According to IDC, more than a quarter (28 percent) of large shops say their spam complaints have increased significantly this year. The reason, IDC says, is that many of them rely on older technologies that can’t keep pace with both the increasing volume and the increasing sophistication of spam attacks.

The good news, according to the report, is that today’s most sophisticated tools can block almost 100 percent of unsolicited spam. The bad news, conversely, is that just 11 percent of shops have deployed solutions (or implemented policies) that meet this standard -- while nearly two-thirds (60 percent) say they can’t even block 95 percent of spam communications. Given the ever-escalating volume and variety of spam, this means that more unsolicited e-mails, IMs, and other communications are getting through than ever.

IDC concludes with a technology prescription: “Organizations must accelerate their adoption of next-generation e-mail security solutions. The cost of not doing so is increased malware infection through spam and increased data leakage."

About the Author

Stephen Swoyer is a Nashville, TN-based freelance journalist who writes about technology.

Must Read Articles