Today, the findings of a study into corporate end user perceptions of and experiences with security threats compared to a similar study conducted in 2005 were announced by TrendMicro. The study tracked responses from 1600 corporate computer end users across U.S., U.K., Germany and Japan and compared them to analysis from Trend Micro TrendLabsSM global threat research network and a similar study conducted in 2005.
Both Trend Micro research and the survey findings recognize an increase in spam between 2005 and 2007, yet fewer corporate end users in the U.S. acknowledge having received spam. U.K. respondents generally perceive security threats to be less serious in 2007 compared to 2005. However, German respondents by contrast, consider all threats to be more serious in 2007 compared to 2005.
Interestingly, according to threat research, digital threats increased 163 percent between December 2005 and November 2006. Specifically, Web threats grew by 540 percent from January 2005 to January 2007. End users may show a lack of concern for the seriousness of threats owing to the silent and invisible nature of many new infection routines.
Worldwide, viruses, spam and spyware continue to be security threats that end users are most aware of. In particular, in Japan the awareness for spyware increased significantly from 76 percent in 2005 to 93 percent in 2007.
Although 4 in 10 respondents in all countries indicated that they have received more spam over the past three months, when compared to the 2005 study U.S. respondents reported an overall decline in the percentage of spam received (84 percent in 2005 compared to 72 percent in 2007).
By contrast, spam tracking saw the amount of French and German language spam peak last summer (between May and August 2006) in enormous quantities, spam numbers fluctuated between 1 million and 6 million pieces per month. This trend later slowed to between 7 thousand and 10 thousand messages per month.
From September 2006 to December 2006, the quantity of Japanese language spam peaked at almost 1 million, but numbers have now reverted back to an average of 350 thousand per month. English-language spam peaked in August 2006 at around 39 million, and is now down to an average of 2 million per month.
The fluctuation in quantities of spam tracked is owed both to the growth of image spam and also the introduction of new technologies such as that which can identify and block image spam.
Similar to spam encounters in the survey, the percentage of respondents who encountered spyware declined in the U.S. (41 percent in 2005 versus 35 percent in 2007) and Germany (23 percent in 2005 versus 19 percent in 2007) but most notably in the U.K. (42 percent in 2005 versus 26 percent in 2007).
Similar to spam, it is likely that the decrease in spyware may be due to the increased complexity and sophistication of attacks and that end users are less able to identify new, silently installing malicious code.
Other noteworthy findings include:
Given the increased number and sophistication of spam and phishing attacks, continued education of corporate end users is urged. In addition to being an inconvenience to end users, spam and phishing attacks often include links to sites hosting malicious threats such as spyware. Infections through this route pose a serious threat because victims of such attacks become vulnerable to personal and corporate information theft.
While end users in certain countries recognize the seriousness of threats, they are also more likely to take risks and open suspicious documents or click on suspicious links from corporate computers. Perhaps owing to the availability and reliance on support teams in the corporate environment, they feel less personally responsible for secure habits and practices at work, and more responsible on their home computer when their personal security is at stake.