Cyber-Thieves' New Target: Business Processes
Apr 1, 2008 4:00 AM PT
The business use of e-mail worldwide has become so critical that the ever-increasing number of spam attacks containing malware are placing corporate and customer information at the highest levels of risk yet, according to an industry-wide survey Internet security firm Webroot conducted last month.
While companies are generating huge volumes of e-mail and making efforts to secure and store it, cyber-criminals are targeting e-mail knowing it's a data form rich in valuable personal and corporate information, Webroot officials said. Companies need to be diligent in staying ahead of these would-be network attackers, both outside and inside their walls.
The volume of e-mail, the types of sensitive data contained in business e-mail, and most importantly, the creative methods that would-be thieves devise to steal corporate e-mail have changed over time, according to survey conclusions.
As a result, companies need to take more proactive steps to put policy rules in place and strictly enforce employee compliance with e-mail restrictions, according to Chris Benham, vice president of corporate marketing for Webroot.
"The two things that stand out the most in this new report are the dramatic increase in attacks against businesses and the casual response from company officials about protecting their e-mail," Benham told TechNewsWorld.
Pushing the Envelope
"I am a bit surprised by the dramatic increase in the use of e-mail to get at corporate information," Benham added.
The attackers are likely driven by a hightened financial motivation. Attackers are better at understanding the critical role that e-mail holds for businesses. They have stepped up their efforts to increase their financial reward, he said.
"Attackers are going where the money is by breaking into business processes. Their actions are hard to track and harder to prosecute, he said.
Webroot conducted a survey of 1,494 e-mail security product decision-makers to explore their views about e-mail related threats and the latest methods to protect business e-mail. Respondents were from both regulated and unregulated companies and organizations in seven countries: Australia, Canada, France, Germany, Japan, the United Kingdom and the United States.
The Webroot survey revealed that three-fourths of all respondents said e-mail is very or extremely important for communicating with customers. Over 60 percent said it was very or extremely important to providing customer support.
Infections from viruses and spyware are the No. 1 e-mail security concern. These security worries are followed by data breaches and spam. More than half of the respondents experienced spyware and virus attacks in 2007. Over 40 percent dealt with a phishing attack.
Sixty percent of survey respondents said they are very or extremely concerned about spam. About one-third of the organizations responding experienced a moderate to major impact on system performance and employee productivity as a result of spam in 2007.
Half of the respondents said they are very or extremely concerned about inaccurately blocking legitimate e-mails. About one-fourth of all the respondents said they experienced a denial-of-service attack in 2007. More than 60 percent of organizations experienced at least one e-mail outage in 2007.
Nearly half of the respondents indicated a significant concern about employees sending sensitive company information externally. However, despite those concerns, only half of organizations with more than 100 computers have policies in place to restrict employees' personal e-mail use. Among smaller organizations with fewer than 100 computers, less than one third have employee e-mail policies in place.
Several studies reveal that e-mail users at work pose increasing risks by failing to adequately recognize filtered e-mail as spam before opening it. According to the Webroot e-mail Security Survey, e-mail is critical to communicating with customers and providing customer support. The majority of companies and organizations surveyed also rely on e-mail as a communication and collaboration tool among employees and to process sales transactions.
In its latest report on the state of Internet Security, Webroot referred to a report issued by industry analyst firm IDC by Mark Levitt titled, "Worldwide E-mail Usage 2007 - 2011 Forecast: Resurgence of Spam Takes Its Toll." In that report, IDC estimated that 6.62 trillion person-to-person business e-mails will be exchanged in 2008. In comparison, the report estimates 1.68 trillion business e-mails were sent in 2000; and 7.15 trillion business e-mails will be sent in 2011.
In a survey conducted by the Pew Internet & American Life Project from February to March 2007, researches concluded that the growing volume of e-mail increases the likelihood that an e-mail user can inadvertently open spam. In fact, 27 percent of the Pew survey respondents said they occasionally open an e-mail message before realizing they are spam, according to Webroot summary of that report.
Another example of the growing e-mail danger comes from Endai Worldwide, an Internet marketing company. That company issued results of a survey on Dec. 11, 2007, that found half of e-mail users check their junk mail folder on a daily basis, likely driven by concerns that legitimate e-mails can be incorrectly tagged as spam. Reviewing identified spam in a junk folder increases the chances that spam will be opened. Particularly concerning is that 16 percent of the Endai survey respondents reported making a purchase from a message tagged as spam.