Trend Micro announced key findings from a study that reveals that more than 87 percent of corporate end users are aware of spyware, and yet 53 percent of survey respondents demand greater education from IT to better understand the threat.
The findings indicate that awareness does not translate to knowledge, and as a result users are looking to their IT departments to play a more protective role.
The study, which involved 1,200 end users from organizations ranging from large multi-national corporations to small single-office businesses, was conducted in the United States, Germany, and Japan. It revealed several findings pertaining to end-user perceptions and behavior in the workplace, and many involved the growing problem of spyware. According to the study, encounters with spyware are growing, especially in small- and medium-sized businesses.
Results revealed that spyware’s prominence appears to be greatest in the United States, where 40 percent of end users surveyed have encountered spyware at work, as compared to 14 percent in Japan and 23 percent in Germany. In all three countries, end users from SMB organizations reported a greater number of encounters than larger enterprises.
Similarly, U.S. end users are five times more likely to fall victim than their German and Japanese counterparts. For businesses with IT organizations, nearly 40 percent of respondents in the United States felt their IT departments could do more to help protect them against spyware. The U.S. findings support the fact that spyware poses a significant threat globally. For example, in Japan, corporate end users believe that their spyware protection is insufficient, with two out of three small- and medium-sized business workers and one out of two enterprise workers identifying this concern.
However, of those respondents who encounter spyware at work, only 45 percent believed they had actually fallen victim. This reveals a striking distinction between end-user awareness of the spyware threat and whether corporate end users are knowledgeable enough to identify spyware infiltration, which quite often occurs without end users knowing it.
Because of the broad awareness and relative lack of knowledge, many respondents expect IT departments to provide further education in addition to protection. This was especially the case in Japan, where 64 percent felt that their IT departments could do more to educate them about spyware. Similar figures resulted in the United States (52%) and Germany (45%).
In the midst of this call for education, one of the most troubling findings was the admission from many respondents that they are more likely to engage in risky online behavior if they have an IT department for support.
Given the growing complexity of corporate security needs and the evolving security landscape, English added that companies need multi-layered security strategies, with antivirus and content security that protects the corporate computing environment from spyware and other “blended” threats.
This layered defense — from gateways and servers to desktops and mobile devices – can thwart threats from outside a business’ borders as well as those resulting from bolder behavioral tendencies within the organization. Even if users do behave in a bolder manner online, a multi-layered strategy provides multiple lines of defense, helping to protect sensitive data and control any impact to bandwidth and productivity.
Other noteworthy findings involving spyware include:
- Viruses and Spyware are perceived as being more serious threats to corporate security than spam.
- 26% American SMB workers, and 21% American enterprise workers stated that they had fallen victim to spyware while at work.
- Only 7 percent of SMB workers surveyed in Japan and Germany were aware of falling victim to spyware, highlighting the contrasting relationship between awareness of the problem and knowledge of its presence or impact.
- Among U.S. based respondents, the top five consequences of being victimized by spyware were lower computer performance, loss of productivity, loss of connection bandwidth, malicious downloads, and violation of privacy.
The survey was conducted online in July 2005. More than 1,200 corporate end users from business organizations in the United States, Germany, and Japan responded to the survey.