Independent research commissioned by GFI Software reveals negative impact on UK businesses from malware attacks, phishing scams and data thefts triggered by spam email
GFI Software™ today announced the findings of an independent study into spam email in the workplace, which revealed that 68% of organisations surveyed have seen their day-to-day business operations severely disrupted or completely stopped as a result of at least one spam-related incident in the last year alone.
Furthermore, 45% of those surveyed have been affected as many as three times a year, substantially impacting productivity, as well as creating significant cost for the business if PCs and servers need to be disinfected or reinstalled to recover from malware-based spam being opened and executed by a user. Some 7% of respondents also admitted to their businesses falling foul of major spam-related IT failures more than 10 times a year.
The blind, independent study was conducted for GFI Software by Opinion Matters, surveying 200 UK IT decision makers from organisations with between five and 1,000 employees.
Key findings from the survey include:
· Phishing is the most common type of spam that organisations combat, with 46.5% of respondents citing it as the most prevalent type of spam their organisation receives.
· Gambling spam was the second most common spam type, with 39% of respondents naming it as their main concern.
· Banking spam, from real but unsolicited companies was the third biggest problem, reported by 35% of respondents.
· 54% of those surveyed detected a rise in spam levels over last year, while only 15% saw their levels of incoming spam drop.
· 79% of companies rely on end users to exercise their best judgement to deal with any spam not caught by a server-side or client-side spam filter.
Spam’s share of overall email
Despite the perceived growth in the volume of spam organisations must manage, spam’s overall share of email traffic remains relatively low. Thanks in part to the growing reliance on email for everyday business communication and increased volume – both internally and externally – 50% of our survey reported that spam accounts for no more than 15% of overall email traffic, making volume less of an issue and the destructive nature of some spam types the bigger challenge. However, a quarter of our survey also admitted that spam accounts for up to a quarter of their overall email traffic, and a further 8% said spam accounts for up to half of overall traffic. These heightened rates of incidence significantly increase the chance of malicious spam getting past filters and fooling unsuspecting users.
The numbers are similar when looking at the impact of email storage. Effective filtering paired with good policies and training should ensure that most spam is trapped at the server, and anything that leaks through is either dealt with by client-side spam measures and user best practice. While 56% of those surveyed said that spam accounts for up to 15% of overall stored and archived email, and a quarter (24%) put the figure at no more than 10% of total storage, the remaining 21% are dealing with a major storage overhead, with up to half their mail storage consumed by spam, costing the company money and delivering no value.
“Spam is one of the most aggressive cyber battles that IT departments must wage, especially since hackers and scammers achieve new levels of sophistication and cunning with their scams and attacks,” said Sergio Galindo, general manager of GFI Software. “Criminals are increasingly using spam to deliver malware payloads into the workplace with a view to either causing disruption, holding PCs and servers to ransom or even stealing valuable information that can be sold or used for fraud. Infected machines mean unproductive computers and users, limiting business activities and losing money. Stolen data can result in everything from fines to lost customer confidence, while even non-malware spam creates disruption by clogging mailboxes, filling up storage and consuming IT admin time that could be put to work on more valuable tasks.”
Users: the last line of defence
The research revealed that one in five end users in the organisations surveyed are required to actively deal with spam that is not trapped by spam filters. While 44% said their organisation’s employees ignore spam – not ideal but ignored spam is at least inert spam – a third (33%) admitted to a lack guidance on who was responsible for dealing with spam that makes it to the end user.
The most common form of spam-related disruption is malware infection, according to a quarter (24%) of those surveyed. When organisations have been disrupted by a spam-related disturbance – for example a user clicking on a malware-infected attachment or link to a malware-filled website – the disruption to the business is substantial. The survey revealed that 58% of those surveyed lost up to three hours of productivity as a result of a spam incident. Almost a third (31%) have lost up to five hours per incident, while 9% have lost up to nine hours – more than one working day in most office-based organisations.
“The impact of a spam incident on a business should not be underestimated. Lost productivity not only has a cascade effect across the business, it directly hits a company’s bottom line. If you are lucky, the time spent by IT recovering a PC or server will be quick, but if machines and data are stolen or locked up in a ransomware malware scam, the time and cost to the organisation can quickly spiral,” added Galindo.
The role of spam filtering and policy
Despite some uncertainty over who is responsible for spam, there is some clear policy guidance on what to do with it, with 71% of respondents advising users to simply delete anything that appears to be spam from their inboxes. Only 2% do not have a policy.
Unfortunately, in their effort to deal with the ever-increasing complexity and realism of spam – particularly phishing mail – some legitimate mail can generate false positives and be blocked, more so if spam filters are not configured correctly. Two thirds (67%) have experienced this in the past year, with more than half (55%) only experiencing up to three false positives a year.
A copy of the full survey results and an infographic can be found at: https://www.gfi.com/documents/GFI-Spam-survey-2014.zip
About GFI Software
GFI Software™ develops quality IT solutions for businesses with up to 1,000 users. Serving an expanding customer base of more than 200,000 companies, GFI’s portfolio includes network security, web management, anti-spam, patch and vulnerability management, faxing and archiving solutions. Easy to use, install and manage, GFI’s products help businesses to monitor, manage and secure their networks with minimal administrative overheard. GFI is a channel-focused company with thousands of partners worldwide. The company has received numerous awards and industry accolades, and is a longtime Microsoft® Gold ISV Partner.