Spyware threat larger than you think

According to the nationwide survey done by Equation Research for security vendor Webroot, more than 70 percent of the corporations polled see spyware as a threat, but fewer than 10 percent have deployed anti-spyware software to protect their networks.
The disconnection between perception of the problem and doing something about it seems to come from a sluggish reaction by enterprises and a habit of putting out fires rather than rolling out defences, said Richard Stiennon, the vice-president of threat research at Webroot.
"It's a repeat of the spam problem, when companies first didn't acknowledge it as a security problem, but saw it as a 'pain point'," said Stiennon. "Enterprises just don't see spyware as a desktop security problem yet."
And rather than treat spyware - the remora-like software that's often surreptitiously downloaded to a user's computer when other, more benign programs are retrieved from the internet - with a multi-tier defensive strategy as they do worms and viruses, companies look at spyware as a point problem, said Stiennon.
"Most of the time they head straight for the free downloadable anti-spyware tools on the Net, do a clean-up, and they think they're done," he said. "Too often IT goes for this 'first responder' type of solution, and then moves on to the next problem."
Ninety-six percent of the IT managers and executives polled said that they feel their existing anti-virus and firewall defences protect them from outside threats.
But 82 percent reported that desktops in their organisations are currently infected with spyware. Over a third have noticed a spike in spyware over the last six months.
Spyware gets on company machines, said Stiennon, one of two ways: either from employees downloading software from the internet, or when they browse to spyware-prone sites.
"Companies that are really restrictive on what their employees can do on the web are experiencing much less of a problem," said Stiennon, "but using that route means making big, big changes in how a company runs it business."
Instead, centrally managed anti-spyware solutions - which not coincidentally, Webroot sells in the form of its Spy Sweeper Enterprise - are what Stiennon proposes.
Although it's virtually impossible to put dollar figures on downtime due to spyware, one part of the enterprise can provide a quantifiable accounting of spyware's impact: the corporate help desk.
"Because help desk support is the most heavily exercised part of IT, companies know what the calls involve," said Stiennon.
"Dell, for instance, says that 20 percent of its calls come from spyware problems, but in the enterprise it's even more so. Some companies are seeing 50 to 75 percent of their help desk calls stemming from spyware."

larger security spyware than think threat you