Most organizations lack adequate protection against spam and data leakage

Secure Computing announced the results of a commissioned study conducted by IDC which surveyed 100 IT professionals and security decision makers in North American companies with 500 or more employees, found that 72 percent of organizations had no solution for preventing data leaks over email and 89 percent of organizations lacked an effective anti-spam solution. In addition, the survey revealed that while many IT departments are planning to upgrade their messaging security infrastructure, most have not yet deployed the seven technologies required for advanced mail protection.

The study revealed that email encryption and data loss prevention have become top-of-mind issues for IT executives. In fact, 85 percent of respondents reported that they were very or extremely concerned about data leakage over email. Despite this concern, only 28 percent of those surveyed had implemented a system to prevent those data leaks, while 56 percent planned to do so in the upcoming year.

IDC believes that they vast majority of data loss incidents—80 to 90 percent—occur accidentally. Not surprisingly, the companies surveyed were much more worried about accidental data loss than deliberate leaks. Only five percent of companies reported that they were extremely concerned about insiders intentionally revealing sensitive information, while 44 percent were extremely concerned about accidental loss.

The survey also found that more unwanted messages are getting through messaging security systems, particularly at large corporations. In all, 28 percent of large organizations reported that their spam complaints had increased by more than 10 percent since the previous year.

Currently, many of these organizations rely on older technology that has not kept pace with the increasing volume of spam and the more sophisticated techniques used by spammers. State-of-the-art anti-spam solutions can block 99 percent or more of unsolicited communications. However, only 11 percent of organizations surveyed said that their messaging security currently meets this standard, and 60 percent said that their solution could not provide even 95 percent effectiveness.

The comprehensive survey also highlighted some important trends in messaging security infrastructure. First, companies are very interested in hybrid approaches which combine on-premise and in-the-cloud security measures. More than 60 percent of respondents believe that these approaches are the most effective means of preventing inbound threats.

In addition, more than half of those surveyed were currently using connection and/or reputation-based technology to drop threats at the network level. However, because many of these companies are not using the latest technology, their solutions are less than 75 percent effective.

Other key findings include:

• The majority (70 percent) of companies would like a single solution that addresses both inbound and outbound threats.
• Cost-cutting measures are spurring the move toward virtualization, with 34 percent of companies planning to adopt virtual security appliances in the next 12 months.
• Companies continue to be concerned about email-borne malware, including malicious URL links (56 percent), phishing attacks (49 percent) and malicious attachments (47 percent).
• Over the next 18 months, 40 percent of organizations plant to increase their budgets for information protection and control.