Companies are focussing on internal threats but outbound risks are still a problem.
Mike Smart, senior product manager at Secure Computing claimed that there is a move to the protection of outbound email though many companies are slow to take it up.
Smart said: “We have done a couple of surveys, some in the UK and some worldwide, as well as using statistics from reports from InfoSec and the Department for Business, Enterprise & Regulatory Reform (BERR), and the results show that there is more of a move towards protecting an outbound threat.
“As a provider of email security we wanted to understand buying behaviour, and we see products going out the door, but the reality is that anti-spam is a known quantity from a risk perspective and in our survey – which was done in conjunction with IDC – we found that 60 per cent of US-based enterprises that we surveyed had anti-spam and they said that it was 90 per cent sufficient, while three per cent said that they were dissatisfied. If you consider that 5000 emails can be sent from a company of 1000 staff, and the anti-spam is insufficient, it can create a risk.”
The scanning of potential outbound threats is something that companies feel that they should be doing according to Secure Computing, but as a focus is placed on insider threats this can be bypassed.
Smart said: “Most people haven't done anything about outbound threats, traffic is leaving the organisation and should be encrypted in the first instance and the same for web traffic too. Any form of communications could be a risk, the BERR report showed that 16 per cent of people are scanning their outbound email which means that 84 per cent are not, we found out that 86 per cent of companies know that they should be doing it but don't know how to go about it.
“In the next 12 to 18 months we will see budgets and policies start to enforce it as there is a big gap from what companies want to do to what they can do.”