Pressure Mounts for IT to Do More Than Just Protect Against Spam, Phishing - End Users Call for Education
November 08 2005 - 11:22AM
PR Newswire (US)
Trend Micro Study Reveals How Spam-Enabled Phishing Attacks Are
Influencing End-User Expectations of IT to Protect Employee
Privacy, Minimize Support Costs TOKYO, Nov. 8
/PRNewswire-FirstCall/ -- Trend Micro, Inc.
(NASDAQ:TMIC)(TSE:4704), a leader in antivirus and content
security, today announced key findings from a study that reveals
how spam-enabled phishing attacks are impacting end users at work,
and, as a result, influencing their expectations of IT to ensure
corporate and personal information security. The study involves
1,600 non-IT professionals from various-sized organizations in the
United States, the United Kingdom, Germany, and Japan. Of all the
findings, one of the most prominent is that the majority of
respondents expected IT to better educate them on the dangers posed
by phishing -- a profit-motivated threat that is increasing in
prevalence and, in the process, jeopardizing corporate and personal
information. Because spam often serves as a vehicle for delivering
phishing attacks, the study heightens the urgency for organizations
to protect against both types of threats to ensure employee
security and prevent costly impact to business. "The results of
this study indicate that end users expect IT organizations to play
more of a proactive role as an educator rather than just a
back-office support function," said Dave Rand, Trend Micro's chief
technologist of Internet security. "This is because phishing hurts
more than just companies -- it exploits individuals personally.
Considering the personal dangers associated with phishing, IT has a
golden opportunity to assume a more strategic role in protecting
business continuity and employees." The Prevalence of Phishing
According to the study, encounters with phishing vary based on the
size of an organization and by country. The highest prevalence was
in the United States, where 43 percent of U.S. respondents reported
experiencing a phishing threat. One out of every two business
organizations of less than 500 employees said they encountered
phishing at work. However, in Germany, particularly within small
businesses, encounters increased in frequency. While one out of
every four respondents from small businesses reported encountering
phishing, more than half of those who did -- 57 percent -- said the
number of encounters had increased in the three months leading up
to the study. Meanwhile, in the United Kingdom, the growing
frequency of phishing was more evident in larger organizations,
where more than two of every five (41%) enterprise respondents
experienced increasing encounters. Victims and Consequences
Regardless of the organization's size, phishing poses a direct
threat to end users' privacy and personal information. According to
the study, the United Kingdom reported the highest percentage of
victims -- 7 percent from small businesses and 4.5 percent from
larger businesses. "These numbers may seem small, but imagine a
business with one thousand employees and forty-five of them falling
victim to phishing," Rand said. "Imagine a smaller business with
one hundred employees -- in the United Kingdom, seven of those
employees are likely to fall victim. In the United States, odds are
that two or three out of every one hundred employees will be
victimized. The workplace is supposed to be a safe environment, but
phishing attacks are threatening that standard." Of those who
reported falling victim, more than half (58%) reported that their
privacy was violated. At least a third said they lost personal
information, experienced drop-offs in productivity, or were victims
of identity theft. In addition to the personal impact on individual
end users, more than one of every five victims (21%) said they lost
corporate information as well. "With phishing, the company and the
individual suffer," Rand said. The Impact on IT Not surprisingly,
respondents did not hesitate contacting IT after experiencing a
security breach. For example, in Germany, almost half (44%) of all
respondents from small businesses said they contacted IT to report
a security breach. For larger German enterprises, 38 percent of the
respondents reported security issues to IT. Based on these figures,
a company with 1,000 employees could hypothetically incur helpdesk
calls from 380 end users -- a scenario that could place immense
pressure on IT's support capabilities and response times. "If a
security breach occurs, IT can easily become overwhelmed," Rand
said. "When this happens, the end user loses personal information
while the company loses productivity and opportunity costs.
Phishing is more than a security issue. It is a business problem."
More Education, Better Protection Although many respondents
indicated that their IT organizations had implemented anti-phishing
solutions, their effectiveness was called into question by at least
a third of those surveyed in each country. The lack of confidence
was highest in Japan. Almost two of every three Japanese
respondents (63%) said their anti-phishing protection was not good
enough. The smaller the organization, the more pervasive the
sentiment. Three of every four Japanese respondents from small
businesses lacked confidence in their anti-phishing protection.
When asked if their IT organizations could do a better job of
protecting them from phishing, 43 percent of all Japanese
respondents said yes. At least one of every four surveyed in the
United States and United Kingdom agreed. But in addition to
protection, many of the respondents said IT could do a better job
of educating them about phishing and how to avoid falling victim to
an attack. Again, Japan expressed the most concern over IT's role
as an educator -- 63 percent believed that IT could do a better job
of educating them as a proactive, precautionary measure. Half of
the end users surveyed in the other three countries also felt IT
could improve its efforts in education. "Protecting against spam
and phishing requires more than just a product. It requires
unifying security and business as one initiative," Rand said. "IT
needs to assume a proactive, preventative role via education. It
needs to leverage the growing awareness of phishing, educate end
users how to avoid falling victim, and warn them of the
consequences associated with engaging in risky online behavior at
work." Survey Methodology The survey was conducted online in July
and September 2005. More than 1,600 corporate end users from
business organizations in the United States, United Kingdom,
Germany, and Japan responded to the survey. About Trend Micro, Inc.
Trend Micro, Inc. is a leader in network antivirus and Internet
content security software and services. The Tokyo-based corporation
has business units worldwide. Trend Micro products are sold through
corporate and value-added resellers and managed service providers.
For additional information and evaluation copies of all Trend Micro
products, visit our Web site, http://www.trendmicro.com/ NOTE:
Trend Micro and the t-ball logo are trademarks or registered
trademarks of Trend Micro Incorporated. All other company or
product names may be trademarks or registered trademarks of their
owners. Mike Haro of Trend DATASOURCE: Trend Micro, Inc. CONTACT:
Mike Haro, Public Relations Manager of Trend Micro, Inc.,
+1-408-850-1069, or Web site: http://www.trendmicro.com/
Copyright
Trend Micro (NASDAQ:TMIC)
Historical Stock Chart
From Jun 2024 to Jul 2024
Trend Micro (NASDAQ:TMIC)
Historical Stock Chart
From Jul 2023 to Jul 2024