A recent survey of more than 500 IT managers found that an overwhelming majority ranked spyware among their top three IT priorities for 2005.
Eighty-seven per cent of participants also believe the spyware problem will get worse before it gets better, according to the survey, which was conducted
online last month by TechRepublic, an online resource for IT professionals. The survey, which was released Monday, was commissioned by security vendor Trend Micro Inc.
While 45 per cent of small enterprises (under 500 employees) and 57 per cent of large enterprises (over 500 employees) believe anti-spyware is most effectively deployed at the gateway, only 15 per cent of small businesses and 26 per cent of large businesses have it deployed there, the survey reported.
“They are not on top of spyware,” said Jack Marsal, senior product marketing manager, Trend Micro. “Spyware has changed over the last year to year and a half and become much more of a problem with the addition of adware.”
Adware is a for-profit kind of spyware that significantly slows down computers and can cause them to crash. The survey found that 95 per cent of companies report that adware is frequently found within their organization.
Marsal added that Gartner Group says that more than 25 per cent of help desk time is wasted due to spyware. “The problem is out of hand.” Over 90 per cent of those surveyed said they’ve seen an increase in the amount of spyware on their networks in the past three months.
When it comes to IT security here Canadian businesses also placed spyware near the top of their lists. An IDC Canada survey of small, medium and large Canadian companies conducted last summer showed that IT managers are concerned about viruses, security incidents or breaches, firewall and hacking or threats.
While many of these respondents indicated that their number one purchase in the next 12 months would be anti-virus software, Joe Greene, vice-president of IT security research at IDC Canada said they’re also looking at upgrading their network products to improve their perimeter defence.
This is one of the easiest ways companies can guard themselves against spyware, said Brian O’Higgins, chief technology officer at Ottawa-based Third Brigade Ltd.
“Doing something on the network or gateway could be quite effective very quickly,” said O’Higgins, adding anti-spyware software should also be deployed at the desktop level. “End users are always going to browse to Web sites and catch stuff. You can’t drive everything on servers.”
While traditional big security spenders like financial services followed by the government are on top of these kinds of security breaches, many small and mid-sized companies are often caught off guard, said Greene.
“Banks have a good handle on what’s going on here,” said Greene. “But many companies do not. The market right now for medium, small companies is reactive rather than proactive. They’re only going to do something if something really happens to them.”
Likewise, O’Higgins said companies need to invest in a solution or face the consequences, which can often end up costing them more as a result of lost time and productivity.
“The companies that generally spend more money on security are aware of the issues and they’re the first ones to roll out these tools,” said O’Higgins. “The people that don’t spend a lot of attention on security are the ones that get bitten — they got hit by worms and viruses and now they’ll get hit by spyware.”
Top spyware-related concerns include, lowered computer performance and loss of confidential personal or corporate information — something companies need to be weary of in the wake of regulations and compliance laws like PIPEDA and Sarbanes-Oxley, added O’Higgins.
“You worry about disclosure of sensitive corporate data and customer data. Your data generally lives on your servers. But if a user has got some spyware that’s logging his keystrokes you could do all kinds of bad things. For a lot of legal and regulatory reasons they need to be concerned about it,” he said.