Spam is so yesterday. It's all about spyware and phishing now. That's what a majority of IT professionals told New York research firm TheInfoPro Inc. (TIP) when it conducted a survey on behalf of San Jose, Calif.-based Secure Computing in March and April.
Respondents said they now have the right tools to fight spam. But they cringe at the thought of employees getting duped
"Spam doesn't seem to be a big issue anymore because we've learned to live with it," he said. "IT administrators think they now have the right tools and approach to deal with it. They don't feel that way about phishing and spyware."
That's a big change from September, when TIP polled 111 IT managers and found that only about a quarter of them considered spyware a major problem. This time 102 IT managers were surveyed, and 72% said they're spending "more" or "significantly more" time on security in part because of spyware and phishing. Twenty-four percent said they're spending "about the same" amount of time on it, while just about 5% are spending less time.
Among those polled:
- 79% were "more concerned" about employee workstations being infected with spyware -- significantly more than the 25% who felt that way last September and in another survey in February 2004;
- 59% were "more concerned" about employees visiting phishing sites;
- Only 27% saw spam as a major problem; and
- 45% said they were actually less concerned about spam;
"They didn't know much about spyware and phishing 12 months ago, and now many don't think they have the tools to defend against it," Kerstetter said. "A year from now they'll probably be worried about something completely different; something nobody is thinking about today."
He was unwilling to predict what that might be. "I wish I knew," he said. "If I did, I'd go build a product to deal with it. It may even be something that's been around for awhile that will be used in a new way to attack us. You never know."
Those surveyed work for large- and midsize enterprises that belong to the TIP Network. Those interviewed were asked eight primary questions and four sub-questions for each of two main queries. Among those questions, IT managers were asked how much time their organization spends on security compared to last year, and whether they are more or less concerned about hacking, spam, spyware or phishing than they were last year.