Nearly Half of SMBs Are Breached Due to Malware-Laden Spam

With all of the other growing threats to security out there, we don't talk about spam like we used to. Yet spam is still a problem that many SMBs deal with, and according to research released by GFI Software, nearly half of all businesses have experienced a data breach as a result of employees clicking on malicious links or files within spam emails.

Some other highlights from the survey are:

  • 84 percent of those surveyed say the volume of spam in their organization has either increased (52 percent) or remained the same (32 percent) in the past year.
  • 48 percent rely on the anti-spam component of their antivirus solution to block spam; 20 percent use a software solution for anti-spam; only 14 percent use a cloud-based solution to filter email; 11 percent have an anti-spam gateway appliance.
  • 70 percent say their anti-spam solution is either marginally effective (60 percent) or not effective at all (10 percent).
  • 90 percent of companies say they regularly educate their employees about the risks of opening spam messages.

It appears to me that there is a disconnect between what SMBs are doing and what is actually happening. Almost every company claims to educate its employees about the risks of spam, yet nearly half of those companies are suffering breaches because employees click on links in spam. And again, nearly half rely on the anti-spam component of their antivirus solution to block spam, but the vast majority say that their anti-spam blockers aren't working very well.

In a GFI Software blog post that compares spam-related issues in the U.S. and the UK, security was the top concern when it comes to spam, but looking at the issue based on this survey, companies are missing the mark. The way I see it, the two takeaway points that SMBs should get from this survey are these:

1. Re-evaluate your employee security education program. If employees are still clicking links after they have been educated on the risks, you need to investigate why. How does your education process work? Are you just asking employees to read a few pages about the importance of network security and the risks of certain behaviors? Are you ensuring that your employees have read the information? Do they have to take any kind of test to show that they understand the consequences of security?

2. Re-evaluate your technology. Since most companies say their anti-spam blockers are not very effective, it may be time to look at different options. Yes, re-evaluating spam security measures will cost money, which is likely tight in a small business. But as we continue to see with security breaches, no company is immune to an attack, and if you don't pay now, you may be paying much more later.


As Phil Bousfield, general manager of GFI Software's Infrastructure Business Unit, said in a release:

This research shows that the spam problem is not going away, and in fact, the delivery of malicious links and files makes it more dangerous than ever before.