Another year has passed and it seems everyone is busy publishing their year-end security reviews, survey results, and fearless predictions for the upcoming year.
Everyone agrees that the spam and phishing rates were up last year, and, according to Pingdom’s ‘Internet 2009 in numbers’ [1], there were 90 trillion emails sent last year, of which 81% was spam!
But how does all this junk impact the average email administrator and the end user, and what are people doing about it?
The European Network and Information Security Agency (ENISA) [2] polled email service providers of different types and sizes throughout the European Union (and some from the US). Together, they manage 80 million mailboxes. Their findings revealed something that I found particularly surprising:
‘These results suggest that providers tend to view spam as an important business challenge that must be effectively managed, but few respondents indicated that it is of great significance. Spam prevention efforts appear to have made spam manageable, making anti-spam measures a standard part of operations. Spam must be addressed to retain customers, but it is not a critical concern for most providers.’
And, according to the survey by the Messaging Anti-Abuse Working Group (MAAWG) [3], published mid-2009, titled ‘A Look at Consumers’ Awareness of Email Security and Practices,’ end-users didn’t seem particularly concerned either. Their analyses state:
‘The data from this survey creates a picture of users familiar with general email-based threats but not necessarily as alert or cautious as they should be to proactively protect themselves against spam, online fraud and other email-related hazards.’
It seems that email providers and their consumers are relying heavily on spam and virus scanners, but don’t appear to be especially worried about taking extra measures to protect against email-borne threats. And yet, according to reports by Kaspersky [4] and McAfee [5], the greatest threat to email security was and will continue to be malware, botnets, targeted phishing attacks and trojans, all primarily aimed at stealing money from private and corporate bank accounts.
So, if service providers and their customers aren’t especially worried about taking extra precautions, who should bear the brunt of improving email security? There are a number of vendors offering encryption, policy management / regulatory compliance solutions, and so on, in an effort to protect the contents of outgoing messages and prevent certain information from falling into the wrong hands. Yet relatively few people are using these options. Why?
I’d like to hear your views:
– Are you planning to adopt any new security measures this year and what are they? If not, why not?
– Do you have any new ideas for curbing or even stopping the spread of malware that you haven’t yet seen on the market?
Sources:
1. http://royal.pingdom.com/2010/01/22/internet-2009-in-numbers/
2. http://www.enisa.europa.eu/act/res/other-areas/anti-spam-measures/studies/spam-survey
3. http://www.maawg.org/sites/maawg/files/news/2009_MAAWG-Consumer_Survey-Part2.pdf
4. Weatherford, Kaminsky: Top 2010 Security Issues
5. http://www.mcafee.com/us/local_content/white_papers/7985rpt_labs_threat_predict_1209_v2.pdf