In-depth

The truth about spam

It's very easy these days to think that spam has been filtered out of existence and is no longer a problem for your business. Davey Winder argues it's more of a problem than ever.

Spam

COMMENT: Spam filtering has, without any shadow of a doubt, improved beyond recognition compared to just a few years ago.

Server-side systems have evolved to the point where relatively little spam gets through the defences, and are intelligent enough to ensure few false positives leading to genuine correspondence being flushed away with it.

So why am I insisting that spam is still a problem for your business?

In the words of Aleksandr Orlov, the TV advertising meerkat rather than a Russian security researcher, simples. While the little spam that does breach enterprise defences can perhaps be thought of as a minimal nuisance as far as employee productivity is concerned, that's far from the big picture.

Advertisement
Advertisement - Article continues below

When Opinion Matters on behalf of GFI Software recently conducted an independent and blind survey of more than 200 UK businesses, the results were perhaps rather shocking. The volume of spam, as far as decision makers within the SMBs polled were concerned, is not going down, it's going up.

Some 61 per cent said spam volumes had risen during the last 12 months and a further 21 per cent had seen no reduction in spam traffic rates.

And that's not all. Some 40 per cent of them admitted their business had suffered a data breach as a direct result of spam.

Wait a minute, spam-based data breaches? Surely not? Actually, when you think about it, the real response should be 'nothing new there.' After all, the favourite method of getting access to your data is to get someone within the enterprise to follow a malicious link or open a malicious file in order to execute a Trojan payload of some kind. And amongst many other methods, distribution of those links and attachments via spam is a hugely popular delivery route.

The thing is that, as I see it, the malicious spam threat has never gone away. Instead it has been downplayed by a tunnel vision in enterprise security strategy, which relies upon those evolved anti-spam filters to deal with it at the expense of taking a more layered approach to the problem. The survey found that 46 per cent of the businesses questioned relied solely upon the anti-spam component of their favoured anti-virus solution to deal with it.

What I find surprising about nearly half of those asked relying upon this one-chance-only spam filtering solution is that 62 per cent also admitted their anti-spam strategy was only marginally effective, with 8 per cent stating it wasn't effective at all. Amazing, especially when you consider the top concern shown by these same companies about spam was it may harbour malicious content that could compromise their networks.

Finally, some 14 per cent of those asked didn't have any education programme in place to ensure employees were aware of the spam threat, could recognise the dangers and be able to deal with them appropriately.

Until this situation changes, until those responsible for the security of the network take off the rose-tinted spectacles and admit both server/cloud and client-side approaches are needed to trap the most spam possible, the spam problem will not be going anywhere.

So, what can you do about? Well the obvious bullet points to concentrate on have to be user education and a bit of a rethink on the filtering technology front. The latter is vital if you are to actually have a more effective method of ensuring your business stays as spam-free as possible.

Simply having blind faith in your existing anti-spam solution is of little real world use if spam is still actually getting through in enough volume to cause the kind of problems outlined in this report. Actually, I'd say that a single malicious spam is one too many, but I appreciate we do not live in an ideal world.

Advertisement
Advertisement - Article continues below

Throwing money at the perceived non-problem of spam is not going to be an easy sell, I grant you, but the bean counters have to factor in the risk of malicious linkage and file attachments getting through when determining the true value of a little investment to the business.

User education is vital to ensure that when those rogue junk mails do slip through they are not actioned in a way that will compromise the security of your data. The danger is that those same bean counters will see education as the cheaper option and follow that course at the expense (every pun intended) of a technology review. This, in my never humble opinion, would be a big mistake: the one is diluted too much without the other.

Featured Resources

Application security fallacies and realities

Web application attacks are the most common vulnerability, so what is the truth about application security?

Download now

Your first step researching Managed File Transfer

Advice and expertise on researching the right MFT solution for your business

Download now

The KPIs you should be measuring

How MSPs can measure performance and evaluate their relationships with clients

Download now

Life in the digital workspace

A guide to technology and the changing concept of workspace

Download now
Advertisement

Recommended

Visit/malware/33080/hackers-abuse-linkedin-dms-to-plant-malware
malware

Hackers abuse LinkedIn DMs to plant malware

25 Feb 2019
Visit/security/354156/google-confirms-android-cameras-can-be-hijacked-to-spy-on-you
Security

Google confirms Android cameras can be hijacked to spy on you

20 Nov 2019
Visit/antivirus/28144/best-antivirus
antivirus

Best antivirus for Windows 10

3 Sep 2019
Visit/security/malware/28083/the-five-best-free-malware-removal-tools
Security

Best free malware removal tools 2019

8 Mar 2019

Most Popular

Visit/business-strategy/mergers-and-acquisitions/354191/xerox-threatens-hostile-takeover-after-hp-rebuffs
mergers and acquisitions

Xerox threatens hostile takeover after HP rebuffs $30bn takeover

22 Nov 2019
Visit/security/data-breaches/354192/t-mobile-data-breach-affects-more-than-a-million-users
data breaches

T-Mobile data breach affects more than a million users

25 Nov 2019
Visit/mobile/google-android/354189/samsung-galaxy-a90-5g-review-simply-the-best-value-5g-phone
Google Android

Samsung Galaxy A90 5G review: Simply the best value 5G phone

22 Nov 2019
Visit/business-strategy/it-infrastructure/354188/tsb-payment-delays-suggest-second-it-meltdown
IT infrastructure

TSB payment delays suggest second IT meltdown

22 Nov 2019