A recent survey of more than 500 IT managers found that an overwhelming majority ranked spyware among their top three IT priorities for 2005.
Eighty-seven per cent of participants also believe the spyware problem will get worse before it gets better, according to the survey, which was conducted
online last month by TechRepublic, an Web-based resource for IT professionals. The survey was commissioned by security vendor Trend Micro Inc.
While 45 per cent of small enterprises (fewer than 500 employees) and 57 per cent of large enterprises (more than 500 employees) believe anti-spyware is most effectively deployed at the gateway, only 15 per cent of small businesses and 26 per cent of large businesses have it deployed there, the survey reported.
“”They are not on top of spyware,”” said Jack Marsal, senior product marketing manager, Trend Micro. “”Spyware has changed over the last year to year and a half and become much more of a problem with the addition of adware.””
Adware is a for-profit kind of spyware that significantly slows down computers and can cause them to crash. The survey found that 95 per cent of companies report that adware is frequently found within their organization.
According to Gartner Group more than 25 per cent of help-desk time is wasted due to spyware. “”The problem is out of hand,”” Marshall said. More than 90 per cent of those surveyed said they’ve seen an increase in the amount of spyware on their networks in the past three months.
When it comes to IT security here, Canadian businesses also placed spyware near the top of their lists of concerns. An IDC Canada survey of Canadian companies conducted last summer showed that IT managers are concerned about viruses, security incidents or breaches, firewall and hacking or threats.
While many of these respondents indicated that their No. 1 purchase in the next 12 months would be anti-virus software, Joe Greene, vice-president of IT security research at IDC Canada, said they’re also looking at upgrading their network products to improve their perimeter defence.
Guarding the perimeter
This is one of the easiest ways companies can guard themselves against spyware, said Brian O’Higgins, chief technology officer at Ottawa-based Third Brigade Ltd.
“”Doing something on the network or gateway could be quite effective very quickly,”” said O’Higgins. Anti-spyware software should also be deployed at the desktop level, he said. “”End users are always going to browse Web sites and catch stuff. You can’t drive everything on servers.””
While traditional big security spenders, such as financial services and government agencies, are on top of these kinds of security breaches, many small- and mid-sized companies are often caught off guard, said Greene.
“”Banks have a good handle on what’s going on here,”” said Greene. “”But many companies do not. The market right now for medium, small companies is reactive rather than proactive. They’re only going to do something if something really happens to them.””
O’Higgins said companies need to invest in a solution or face the consequences, which can often end up costing them more as a result of lost time and productivity.
“”The companies that generally spend more money on security are aware of the issues and they’re the first ones to roll out these tools,”” said O’Higgins. “”The people that don’t spend a lot of attention to security are the ones that get bitten. They got hit by worms and viruses and now they’ll get hit by spyware.””
Top spyware-related concerns include, lowered computer performance and loss of confidential personal or corporate information — something companies need to be wary of in the wake of regulations and compliance laws such as PIPEDA and Sarbanes-Oxley, O’Higgins said.
“”You worry about disclosure of sensitive corporate data and customer data. Your data generally lives on your servers. But if a user has got some spyware that’s logging his keystrokes it could do all kinds of bad things. For a lot of legal and regulatory reasons they (users) need to be concerned about it,”” he said.