February 11, 2004 9:12 AM PST
Spam seen as security risk
The study, commissioned by security software maker Network Associates, surveyed 356 small to large organizations in North America. Questions focused on the effects of unwanted e-mail in the corporate environment.
Get Up to Speed on...
Get the latest headlines and
company-specific news in our
expanded GUTS section.
Although the study was commissioned by a company that sells antispam technology, independent experts agree that the status of spam is changing.
"Spam has always been a security problem," said Eric Hemmendinger, research director for Aberdeen Group. "But it hasn't been recognized as such. Now more people are recognizing it as a security issue, and they're implementing antispam technology."
Traditionally, spam has been thought of more as an inconvenience, requiring workers to sift through and delete dozens and sometimes hundreds of e-mail messages per day. There has been a debate over how much of this sifting and deleting affects employee productivity. While some companies have found this to be a sufficient reason to invest in antispam products, others have looked for more compelling reasons.
For one, spam takes up storage space on e-mail servers, requiring companies to back up more data and spend more time managing e-mail servers. Storage itself is relatively inexpensive, but the added cost of managing the additional data has caused many companies to invest in antispam products, Hemmendinger said.
Companies also see spam as a security threat in the wake of e-mail based worm attacks such as MyDoom, Bagle.a and Sobig. MyDoom, the most recent of these attacks, spread throughout the Internet via e-mail last month. The worm infected a new computer every time an unwary e-mail user opened the attached file containing the program. As many as 2 million computers may have been infected.
Hemmendinger said that spam-based worm attacks are nothing new, but hackers are increasingly using them as a tool to slip in damaging programs. Once these worms land in e-mail in-boxes, they can wreak havoc on a person's computer or be used as a Trojan horse to damage other machines.
"By recognizing the characteristics of spam, such as volume, antispam products can help solve a big security risk," Hemmendinger said. "It's not the only solution, but it can be used as part of an overall security strategy."
The survey results also indicated that companies want to buy antispam technology from existing security vendors. Network Associates said that 86 percent of the participants surveyed agree that they would prefer to purchase antispam technology from a specific security vendor that also protects their systems from other types of threats, malicious code and vulnerabilities.
Hemmendinger agreed with the findings and said that bundling antispam protection with current antivirus protection will likely provide additional revenue for existing security companies. But he also said there is still opportunity for smaller vendors.
"A lot of organizations will probably look first to existing security providers," he said. "But if they aren't satisfied with that offering they'll look elsewhere. If the problem is serious enough to start looking around, they won't wait six or nine months for their current security provider to get a solution."