A new study commissioned by Trend Micro found that more than 87 per cent of corporate end users are aware of spyware, and yet 53 per cent of survey respondents demand greater education from IT to better understand the threat. The findings indicate that awareness does not translate to knowledge, and as a result users are looking to their IT departments to play a more protective role.
The study, which involved 1,200 end users from organisations ranging from large multi-national corporations to small single-office businesses, was conducted in the United States, Germany, and Japan. It revealed several findings pertaining to end-user perceptions and behavior in the workplace, and many involved the growing problem of spyware. According to the study, encounters with spyware are growing, especially in small- and medium-sized businesses.
Results revealed that spyware’s prominence appears to be greatest in the United States, where 40 per cent of end users surveyed have encountered spyware at work, as compared to 14 percent in Japan and 23 per cent in Germany. In all three countries, end users from SMB organizations reported a greater number of encounters than larger enterprises.
Similarly, U.S. end users are five times more likely to fall victim than their German and Japanese counterparts. For businesses with IT organizations, nearly 40 per cent of respondents in the United States felt their IT departments could do more to help protect them against spyware. The U.S. findings support the fact that spyware poses a significant threat globally. For example, in Japan, corporate end users believe that their spyware protection is insufficient, with two out of three small- and medium-sized business workers and one out of two enterprise workers identifying this concern.
However, of those respondents who encounter spyware at work, only 45 per cent believed they had actually fallen victim. This reveals a striking distinction between end-user awareness of the spyware threat and whether corporate end users are knowledgeable enough to identify spyware infiltration, which quite often occurs without end users knowing it.
Because of the broad awareness and relative lack of knowledge, many respondents expect IT departments to provide further education in addition to protection. This was especially the case in Japan, where 64 per cent felt that their IT departments could do more to educate them about spyware. Similar figures resulted in the United States (52 per cent) and Germany (45 per cent).
In the midst of this call for education, one of the most troubling findings was the admission from many respondents that they are more likely to engage in risky online behavior if they have an IT department for support.
“The challenge of maintaining security for businesses is compounded by the tendency of end users to engage in riskier computer activities while at work,” said Ed English, Trend Micro vice president and chief technologist, anti-spyware. “Spyware is a security issue that has now come of age, and while end users may question the effectiveness of anti-spyware solutions deployed by their IT departments, they also admit to relying heavily on IT for protection – and many appear willing to ignore their personal responsibility of staying aware and protected through sensible online behavior.”
Given the growing complexity of corporate security needs and the evolving security landscape, English added that companies need multi-layered security strategies, with antivirus and content security that protects the corporate computing environment from spyware and other “blended” threats. This layered defense – from gateways and servers to desktops and mobile devices – can thwart threats from outside a business’ borders as well as those resulting from bolder behavioural tendencies within the organization. Even if users do behave in a bolder manner online, a multi-layered strategy provides multiple lines of defense, helping to protect sensitive data and control any impact to bandwidth and productivity.
“With the growing threat of spyware, IT needs to ensure that its users have a thorough education on how to protect themselves while ensuring their organizations are protected by proven, reliable, and responsive anti-spyware solutions,” English said. “That education should serve as an enabler of more protection among end users, not just IT.”
Other noteworthy findings involving spyware include:
Viruses and Spyware are perceived as being more serious threats to corporate security than spam.
26 per cent American SMB workers, and 21 per cent American enterprise workers stated that they had fallen victim to spyware while at work.
Only seven per cent of SMB workers surveyed in Japan and Germany were aware of falling victim to spyware, highlighting the contrasting relationship between awareness of the problem and knowledge of its presence or impact.
Among U.S. based respondents, the top five consequences of being victimized by spyware were lower computer performance, loss of productivity, loss of connection bandwidth, malicious downloads, and violation of privacy.
Survey Methodology:
The survey was conducted online in July 2005. More than 1,200 corporate end users from business organizations in the United States, Germany, and Japan responded to the survey.