Offering regional and national programs, CIO (and CSO) events bring together some of the most respected names and thought leaders in information technology and security. Presented by CIOs and other senior level executives, these invitation-only programs offer timely topics and strong networking. Learn More »
Public Teleconferences
Join CIO Executive Council members and participate in the following live one-hour teleconferences:
* Transforming IT Teams
September 16
* Global CIOs: How to Lead on the World Stage
September 18
* Social Responsibility's Strategic Benefits
October 29
Apply today for a FREE subscription to CIO Magazine!
June 01, 2007 — CSO —
Here are two stunning statistics from the war against spam. First, roughly 75 percent of Internet mail is now spam—that means for every legitimate e-mail message received, three pieces of spam are also received. There’s a lot of spam, and it’s more or less on the rise (although certain kinds of spam are becoming more or less popular).
The second statistic is about the effectiveness of businesses in handling spam. Apparently employees at businesses with 24 users or fewer see nearly 600 spam messages a month. What’s surprising here is that this is more than five times the spam that’s seen, on average, by employees at companies with 10,000 users or more.
Both of these statistics come from MessageLabs, one of the two dominant players in the world of spam filtering today. Spammers aren’t targeting small businesses, MessageLabs wrote in the March issue of its Internet Threat Watch. Instead, employees at small companies are less likely to have effective spam filtering measures.
This might seem like a self-serving finding from MessageLabs, which markets its service primarily to large corporations. But the conclusion is more or less in line with my own experience. Spam filtering is not something that you can set up and forget: An antispam system that works well today will slowly lose its potency as the spammers learn how to evade the filtering techniques that you’ve implemented. Large organizations can dedicate the time and money to staying current with their antispam technology, but small companies generally can’t. As a result, the level of spam seen by employees at small organizations slowly creeps up after each new system is deployed until the amount of spam becomes unbearable, then the next system is rolled out.
Recently I had the chance to speak with antispam specialists at MessageLabs and Postini (the other dominant player in the world of antispam). I asked both companies what they thought would be the greatest problems facing spam-fighters in the coming year. To understand the answers, it’s important to understand that spam has a lifecycle, and this lifecycle highlights many of the world’s persistent computer security problems.
Bot Economics
Most of the spam that reaches your mailbox was sent from a bot—an ordinary home or office PC that wouldn’t be notable other than the fact that it has a high-speed Internet connection and that it’s under the control of a malicious third party. I’ve seen estimates that there are between 1 million and 100 million infected computers in the world today. I have no idea how these estimates are made, whether they are reliable, and what they actually mean. But it’s clear that there are a lot of machines infected with bots, and that the existence of these machines represents a failure of today’s antivirus and antispyware approaches.
Just the basics, please. Sometimes we all need a refresher or we need to make sure our team and our colleagues are all on the same page.
Over 25 tutorials on everything from business intelligence to virtualization.