UK companies in 'blissful ignorance' over spyware threat

Survey: Fewer than one in seven UK companies recognise that malicious emails could expose their networks to a corporate spy, say MessageLabs

UK companies are finally wising up to the importance of deploying software patches and keeping their antivirus signatures up to date, but the increasing threats from Trojans and spyware have still not sunk in, according to a survey conducted by email security services firm MessageLabs.

According to the survey, only one in five companies say the theft of confidential or sensitive information is their main email-based security threat, and just one in seven firms say email provides the potential for industrial espionage.

Natasha Staley, information security analyst at MessageLabs, said companies seem to be missing the link between spam and industrial espionage. She said that although companies know that viruses and spam can be dangerous, they don't see them as a security breech.

"When it comes to industrial espionage and the leakage of confidential information, companies seem to be saying 'I don't think it is going to happen to me. It is something I read about and it sounds pretty terrible, but I'm fairly certain I'm okay'," said Staley.

Graham Cluley, senior technical consultant at antivirus firm Sophos, said the volume of spyware is increasing and much of it is arriving on the corporate desktop thanks to a helping hand from more traditional malware.

"There is a lot of spyware out there and a lot of viruses, worms and Trojans that are interested in spying and collecting information. Email is an avenue for data to leak out and this type of malicious code to get in," Cluley said.

Mark Sunner, chief technology officer at MessageLabs, said this convergence of various email threats has created a "more damaging and complex breed of email security threat", which he believes could "mortally damage" email.

"Almost without exception, every virus we have seen during 2004 has compromised infected machines and allowed them to be remotely commandeered," said Sunner.

However, Sophos' Cluley said the main victims of spyware will be smaller companies that do not have "teams of people dedicated to protecting their computers".