Independent research commissioned by GFI Software shows negative impact on US businesses from malware attacks, phishing scams and data thefts

October 10, 2014


DURHAM, N.C. – October 7, 2014 – GFI Software™ today announced the findings of an independent study into spam email in the workplace, which revealed that 69 percent of organizations surveyed have seen their day-to-day business operations severely disrupted or completely halted as a result of at least one spam-related incident in the last year.

Furthermore, 36 percent of those surveyed have been affected as many as three times a year, with substantially negative impacts on productivity, as well as creating significant expense for the business if PCs and servers need to be disinfected or reinstalled to recover from malware-based spam being opened and executed by a user. Fifteen percent of respondents also admitted their business experienced major spam-related IT failures more than 10 times in the last year.

The blind, independent study was conducted for GFI Software by Opinion Matters, surveying 200 US IT decision makers from organizations with between five and 1,000 employees.

Key findings from the survey include:
· Phishing is the most common type of spam companies combat, with 49 percent of respondents citing it as the most prevalent type of spam their organization receives.
· Banking spam, from real, but unsolicited companies, was the second biggest problem, named by 44 percent of respondents.
· Dating site spam was the third most common type, with 34 percent of respondents reporting it as their main concern.
· 56 percent of those surveyed detected an increase in spam levels over the past year, while only 13 percent saw their levels of incoming spam decrease.
· 77.5 percent of companies rely on end-users to exercise their best judgment in dealing with any spam not caught by a server-side or client-side filter.

Spam’s share of overall email
Despite the perceived growth in the volume of spam that organizations must manage, spam’s overall share of email traffic remains relatively low. Thanks in part to the growing reliance on email for everyday business communication and increased volume – both internally and externally – 40 percent of those surveyed reported that spam accounts for no more than 15 percent of their overall email traffic, indicating that spam-related damage is a bigger challenge than volume. However, one-third of respondents also admitted that spam accounts for up to one-quarter of their overall email traffic, and a further 13 percent said spam accounts for as much as one-half of overall traffic. These heightened rates of incidence significantly increase the chance of malicious spam getting past filters and fooling unsuspecting users.

The numbers are similar when looking at spam’s impact on email storage. Effective filtering, paired with good policies and training, should ensure that most spam gets trapped at the server, and anything that leaks through is dealt with by client-side spam measures and user best practice. While 45 percent of those surveyed said that spam accounts for up to 15 percent of overall stored and archived email, one-fifth put the figure at no more than 10 percent of total storage. The remaining 36 percent are dealing with a major storage overhead, with up to half of their mail storage consumed by spam, costing the company money and delivering no value.

“Spam is one of the most aggressive cyber battles that IT departments must wage, especially since hackers and scammers have achieved new levels of sophistication and cunning with their scams and attacks,” said Sergio Galindo, general manager of GFI Software. “Criminals are increasingly using spam to deliver malware payloads into the workplace with the intent of either causing disruption, holding PCs and servers ransom or even stealing valuable information that can be sold or used for fraud. Infected machines mean unproductive computers and users, limiting business activities and, as a result, losing money. Stolen data can result in everything from fines to lost customer confidence, while even non-malware spam creates disruption by clogging mailboxes, filling up storage and consuming IT admin time that could be put to work on more valuable tasks.”

Networks face the most likely disruption
The most common form of spam-related disruption is network disruption, according to 27 percent of those surveyed, while 22 percent have been hit by malware as a result of a user responding to a spam email. When organizations have been disrupted by a spam-related disturbance – for example, a user clicking on a malware-infected attachment or link to a malware-filled website – the disruption to the business is substantial. The survey revealed that 48 percent lost up to three hours of productivity as a result of a spam incident. More than one-third (34 percent) have lost up to five hours per incident, while nine percent have lost up to nine hours – more than a full work day in most organizations.

“The impact of a spam incident on a business should not be underestimated. Lost productivity not only has a cascade effect across the business, it directly hits a company’s bottom line. If you are lucky, the time spent by IT recovering a PC or server will be quick, but if machines and data are stolen or locked up in a ransomware scam, the time and cost to the organization can quickly spiral,” added Galindo.

The role of spam filtering and policy
Despite some uncertainty over who is responsible for spam, there is some clear policy guidance on what to do with it, with 69 percent of respondents advising users to simply delete anything that appears to be spam from their inboxes. Only 3 percent do not have a policy.

Unfortunately, as spam filters try to cope with the ever-increasing complexity and sophistication of spam – particularly phishing mail – some legitimate mail can be flagged as a false positive and blocked, more so if the filters are not configured correctly. Almost two-thirds (65 percent) of respondents have experienced this in the past year, with almost half (46 percent) only experiencing up to three false positives a year.

A copy of the full survey results can be found at: http://www.gfi.com/documents/GFI-Spam-survey-2014.zip
