An independent NOP survey commissioned by Blue Coat among 999 users aged between 15 - 65+ today reveals that a total of 61% of those who use the Internet at work believe that no company policy is in force for handling the spyware problem, or else have no idea what their employer's policy on spyware is. The findings show that 51% of respondents believe that ISPs should be charged with preventing spyware. Only 10% believed that employers should take responsibility for addressing the problem
Evidence from a survey conducted by WatchGuard to IT Managers earlier this year stated that there was widespread trepidation regarding spyware, with over two-thirds citing spyware as the biggest threat of the year. But the apparent absence of company policy exposed by the NOP survey indicates that IT Managers and Directors have not taken decisive action to put in place measures to minimise the menace of spyware in the workplace.
The NOP Survey shows that only 36% of respondents understand what spyware is. Although 30% of respondents run spyware checkers on their office PC, the survey sample appears to suggest that they are choosing to do so from personal choice and experience as opposed to being required to do so through the decisions of the board or the IT Director.
"These results show that there is a clear need for improved leadership on establishing security policy within organisations, " says Nigel Hawthorn, VP of International Marketing and Channels. "It is encouraging that some employees are proactive in addressing the spyware problem, but the threat is serious enough to warrant greater attention at the board level. There should be transparent policies in place. We have heard that spyware is considered a serious threat, but if this is true, then effective policy should have been directed from above - and this appears not to have been the case so far."
Hawthorn adds, "As spyware becomes increasingly synonymous with information security and risk management, this is no longer a productivity issue - as it has been traditionally viewed. In the past, reduced system performance has been perceived as spyware's most troublesome after-effect. What can be observed now is malware authors taking spyware away from its neutral roots into internet crime - whether by hijacking browsers and diallers, keystroke logging or laying the groundwork for mass spamming. These authors are also using tricks from the virus world by identifying and exploiting browser vulnerabilities to their advantage."
"Clearly, taking all evidence into account, this is a huge problem for the enterprise," concludes Hawthorn. "Now that spyware is opening up the doors for information theft, it is time for enterprises to finally face up to the problem, educate their users and enforce clearly defined policy. The risks are simply too great to leave employees to deal with the spyware problem themselves."