AP countries 'can do more' to combat spam

A study finds most companies managing spam at the gateway but leaving other potential network entry points vulnerable to cyber threats.

SINGAPORE--Countries in the Asia-Pacific region are quick to adopt antispam solutions, but they may not be adequately protected, according to an IDC analyst.

Speaking at the inaugural Asian Internet Security Summit in the island-state, Willie Low, an analyst at IDC Asia-Pacific, said there are still security gaps to be plugged, although a recent study conducted by the research firm revealed that 86 percent of businesses in the region were outfitted with antispam solutions.

Low cautioned against opening the champagne, as "many of the enterprises install antispam solution at the gateway and consider themselves protected". Businesses "can do more," such as installing antispam software for mail servers as well as individual desktops and not just stop at a single defense point, he added.

According to IDC's findings, Singapore ranked highest in terms of antispam adoption, while the region's top spenders in antispam software were Australia, Korea, China, India and Taiwan, said Low. Australian companies significantly out-spent their Asian counterparts, investing about US$4 million in 2004.

Antispam spending in the region, he noted, was driven by different factors. In Australia and India, compliance was the main reason, although in the latter's case, it was largely to win over clients from countries such as the United States that need to comply with regulations. In Korea, spending was mostly driven by the desire to enhance employee productivity.

One notable challenge for Asia in combating spam e-mail lies in the different language requirements. Companies should check with the vendors about the software's ability to handle multiple languages, said Low.

Beware mobile spam
Speakers at the conference also devoted time to address mobile messaging spam.

Peter Cook, vice president of network applications at Singapore-based carrier StarHub, noted the potential for mobile spam to be privacy intrusive. As people's identities are usually intertwined with their mobile phones, mobile spam is "a greater intrusion of privacy" than e-mail spam, he said.

Cook pointed out that cost is a "major mitigating factor", as the sender has to pay for each message he sends, unlike e-mail where sending messages overseas cost next to nothing.

According to Cook, mobile spam is "not yet a problem for the Asia-Pacific region". However, he noted that the extent of the problem differed from country to country. For example, according to statistics from the Korea Information Security Agency, the number of mobile spam cases rose dramatically from just over 36,000 in 2003 to over 244,000 at the end of October 2004, he added.

Japanese youth, who are heavy users of smart phones, are also vulnerable to mobile spam and viruses, noted Makoto Yokozawa, senior consultant at the Center for Knowledge Exchange and Creation of the Nomura Research Institute.

According to a survey conducted in Tochigi Prefecture, northeast of Tokyo, 95 percent of high school respondents carried a smart phone, Yokozawa said. In addition, 41 percent of those in junior high school, and 13 percent of elementary school students, were smart phone users.

On whether these students responded to messages to their smart phones from unknown senders, Yokozawa said 18 percent of high school students replied in the positive, compared to 16 percent for junior high school students and 4 percent for elementary school students.

According to Yokozawa, around 500,000 spam notifications were received by a security center of the Japanese government last year, and 27 percent of them involved mobile phone users.

Yokozawa, who was present at last week's World Summit on the Information Society in Tunis, Tunisia, stressed the need for greater collaboration among various stakeholders. He said it was important for all--government, university, industry and civil society--to work towards a spam-free society.

He added that the representatives who gathered in Tunis had reaffirmed their commitment to combat spam in the Common Procedures, calling for stakeholders to "adopt a multi-pronged approach in the form of legislation, law enforcement and education for both businesses and consumers".