Spam continues to be a concern for enterprises and end users

by Sohini Bagchi    Mar 06, 2013


For some time, it was believed that there has been a substantial decrease in the spam level worldwide and enterprises as well as security providers were concentrating on other areas of security attacks. However, a new report by Sophos Labs revealed that spam continues to be a concern for both businesses and end user customers.

According to the report, India has ranked third on the list of the countries distributing spam across the world, after US and China. While the US was the single highest-ranking country generating 18.3 per cent of the global spam as per the report, Asia topped the list of continents generating 36.6 per cent of the worldwide spam. The study tracked the amount of spam sent between December 2012 and February 2013.

As per statistics, in the first two quarters of 2012, India was leading the way but showed a sharp decline in the last two quarters of the year. Currently, China occupied the second place with 8.2 per cent and India stands at 4.2 per cent as far as spam generation is concerned. According to the study other high ranking countries include Peru, France, South Korea, Russia and Italy.

Spam 2.0 on the rise
According to security evangelist Arindam Dutta, the nature of spam is becoming more sophisticated, giving rise to targeted spam attacks. “The reason we saw a decrease in the traditional spam level is because all enterprises use some kind of anti-spam protection. There are so many spam filters available in the market from leading security vendors. In addition to this, most email providers have introduced mandatory digital signatures that verify the domain from which emails are sent. However, while focusing on higher level of security attacks such as APTs and cyber warfare, most companies often ignore the basic security measures and this affects the enterprise adversely when an attack occurs,” says Dutta.

“At the same time, enterprises should be alert of spam 2.0, with the increased usage of social networking platforms,” warns Vishal Anand Gupta, Jt. Project Director HIMS & Manager - Systems, CMRI. Mobile spam is also an area that needs to be looked into, he believes. As business use of smartphones and tablets increases, attackers will target your employees’ mobile devices; not to compromise the device itself, but to gain entry into your corporate IT environment for purposes of data theft.

According to data, nearly 350,000 different types of spam SMS messages were targeted at mobile users in 2012 and the number will grow steadily in 2013.

Thinking security
Experts believe that companies should be proactive in protecting information, computers and networks from spam and other security attacks. Every business needs to have a series of security countermeasures that protect an organization’s information assets, such as security policies, firewalls and antivirus and anti spam software.

“Simple steps such as keeping your machines clean, having the latest security software, web browser, and operating system on a regular basis can protect against viruses, malware, and other online threats,” says Andy Steingruebl, senior manager, customer and eco-system security at PayPal. He believes that it is essential to provide firewall security for your Internet connection, install antivirus software to run a scan after each update as well as other key software updates on a regular basis. According to Steingruebl, patch management that often involves acquiring, testing, and installing appropriate patches to administered systems can prove to be very effective, but IT leaders often overlook these steps.

The Sophos Lab report also states that compromised user PCs are a huge avenue of spam distribution. As precaution, users should keep their anti-virus software up to date, run regular malware checks, and update their hard-to-guess passwords on a regular basis.