The number of companies reporting a spyware infestation has increased by almost half in the past 12 months, according to a new survey.
In addition, 17 percent of companies with more than 100 employees have spyware such as a keylogger on their networks, said the authors of the annual Websense Web@Work survey, published on Tuesday.
"This is almost 50 percent growth in the instances of keyloggers that organizations are reporting back," said Joel Camissar, a manager for Internet security specialist Websense. "Despite the organizations' having a 'best of breed' antivirus, anti-spyware and firewall, we are still detecting a huge amount of back-channel spyware communication."
Spyware is seen as an increasingly serious security problem, and the U.S. Federal Trade Commission has pledged to take action against companies that distribute it. The software is installed on machines without the owner's knowledge to track their online habits, sometimes via a keylogger, which records the user's keystrokes.
One reason for the growth in corporate spyware infestation is a massive increase in the number of spyware-making toolkits being sold online, said Camissar, who referred to some research that Websense conducted earlier this year in partnership with the Anti-Phishing Working Group.
"In April 2005, there were 77 unique password-stealing applications. In the latest March report, there were 197. Unique Web sites hosing keyloggers in the same time frame have gone up from 260 to 2,157--almost a 10-times growth," Camissar said.
The Websense survey also discovered that companies did not have much faith in their staff being able to distinguish between genuine Web sites and phishing sites, which mimic the online outlets of trusted businesses, such as banks, to try to trick people into handing over sensitive personal information.
"Forty-seven percent of IT decision makers said their employees have clicked on phishing e-mails, and 44 percent believe employees cannot accurately identify phishing sites," Camissar added. "I am surprised that the results are not showing a larger growth in the number of organizations hit by this kind of threat."