Inside the numbers: Messaging (in)security

In August, SearchSecurity.com surveyed 250 IT pros from a variety of industries about messaging security programs. Here are some of the questions we asked and their responses.

QUESTIONS AND RESPONSES:

1.) True or false:
I am devoting more time this year to messaging security issues than last year.
True: 61.6%
False: 31.2%

We are giving more of our users mobile messaging devices like Blackberries or Treos.
True: 68.4%
False: 30%

Messaging (in)security

About this special report: Based on the results of exclusive readership research, SearchSecurity.com takes a closer look at the top messaging security challenges facing today's businesses. This original, multi-media series explores hot-button security issues like evolving threats, the increasing reliance on mobile devices, remote email access and instant messaging, and the technologies designed to secure it all.

Special report menu:

Day 1: Messaging insecurity fuels data leakage fears. The proliferation of messaging technology means more opportunity for malware to take root and sensitive data to be lifted.

Day 2: IT pros look for ways to lock down IM. To control growing IM threats, administrators are trying to limit which programs can be used or ban the technology altogether. But that's not always possible.

Day 3: Messaging Security podcast. Burton Group analyst Diana Kelley discusses the latest threats to messaging security and where the solutions are.

Upper management understands the need to invest in protecting messaging systems and applications.
True: 58.8%
False: 33.2%

We plan to budget more money in the next year to secure messaging systems.
True: 44.8%
False: 32%

I am worried about evolving mobile threats, such as mobile device-borne malware and data on lost/stolen devices.
True: 83.6%
False: 13.6%

Defending against viruses and worms is a problem for our organization.
True: 49.2%
False: 48%

Phishing is a threat to our business.
True: 53.2%
False: 42%

I am worried about loss/leakage of confidential information via email or instant messaging.
True: 83.2%
False: 15.2%

2.) How significant a threat do the following pose to your organization?
Email-bourne viruses, worms
Extremely significant: 26.4%
Somewhat significant: 48.4%
Not very significant: 8%
Not at all significant: 2.4%

Spam
Extremely significant: 21.6%
Somewhat significant: 45.6%
Not very significant: 12.8%
Not at all significant: 3.2%

Phishing
Extremely significant: 14.4%
Somewhat significant: 44.8%
Not very significant: 15.6%
Not at all significant: 2.8%

Instant messaging-bourne viruses, worms and Trojans
Extremely significant: 16%
Somewhat significant: 33.6%
Not very significant: 18.4%
Not at all significant: 8.8%

Botnets
Extremely significant: 16%
Somewhat significant: 34%
Not very significant: 12.8%
Not at all significant: 3.6%

Data controls of mobile devices
Extremely significant: 22%
Somewhat significant: 40.8%
Not very significant: 8.8%
Not at all significant: 2.4%

Viruses/spyware on mobile devices
Extremely significant: 17.6%
Somewhat significant: 43.6%
Not very significant: 12.8%
Not at all significant: 3.2%

3.) How effective is your organization at the following tasks related to securing e-mail systems?
Patch management
Extremely effective: 34%
Somewhat effective: 48%
Not very effective: 5.2%
Not at all effective: 2%

Securing remote/Web access to email
Extremely effective: 34.8%
Somewhat effective: 49.2%
Not very effective: 6.4%
Not at all effective: 0.8%

Managing and filtering for spam
Extremely effective: 35.6%
Somewhat effective: 50.4%
Not very effective: 5.2%
Not at all effective: 1.6%

Deploying and updating antivirus Extremely effective: 61.2% Somewhat effective: 33.2% Not very effective: 2% Not at all effective: 0.4%

Configuring/locking down messaging servers
Extremely effective: 31.2%
Somewhat effective: 42.8%
Not very effective: 4.8%
Not at all effective: 0.8%

4.) Will your organization upgrade to Exchange 2007? (Top five answers)
We don't use Exchange: 26.8%
Yes, we expect to upgrade within two or more years of its release: 19.6%
Yes, we expect to upgrade within one year of its release: 16%
We have no plans to upgrade: 14%
Yes, we expect to upgrade within 6 months of its release: 7.6%

5.) When it comes to users relying on mobile devices for email, how effective is your organization at each of the following?
Protecting stored data
Extremely effective: 13.6%
Somewhat effective: 44%
Not very effective: 12.4%
Not at all effective: 2%

Enforcing access control
Extremely effective: 22.4%
Somewhat effective: 40.8%
Not very effective: 12.4%
Not at all effective: 1.6%

Authenticating the user
Extremely effective: 34%
Somewhat effective: 40.4%
Not very effective: 5.6%
Not at all effective: 1.2%

Configuring/locking down the mobile server
Extremely effective: 18%
Somewhat effective: 39.6%
Not very effective: 8.8%
Not at all effective: 0.8%

Defending against SMS text messaging spam
Extremely effective: 6.4%
Somewhat effective: 23.6%
Not very effective: 13.2%
Not at all effective: 6.4%

Defending against mobile viruses and worms
Extremely effective: 9.6%
Somewhat effective: 33.2%
Not very effective: 12.8%
Not at all effective: 4%

Defending against mobile-bourne spyware
Extremely effective: 7.6%
Somewhat effective: 30.8%
Not very effective: 15.6%
Not at all effective: 4.4%

Establishing and enforcing sound user policies
Extremely effective: 14%
Somewhat effective: 39.6%
Not very effective: 16%
Not at all effective: 5.2%

6.) True or false:
At least some of our users rely on free instant messaging systems like AOL or MSN to communicate at work.
True: 50.8%
False: 45.6%

My organization sees IM as a breeding ground for viruses and worms
True: 51.2%
False: 40%

My organization has sound written policies for policing IM usage
True: 36%
False: 56.4%

My organization uses a corporate instant messaging product
True: 28.8%
False: 69.6%

My organization bans instant messaging
True: 31.6%
False: 67.6%

My organization currently uses a third-party product to secure IM
True: 9.6%
False: 83.6%

7.) Which of the following security steps is your organization most likely to take to defend against instant messaging threats? (Top five answers)
Update desktop antivirus software: 46%
Configure firewalls to block the use of IM on the corporate network: 33.2%
Establish and enforce a corporate IM usage policy: 28.4%
Patch IM-related vulnerabilities: 27.2%
Ban instant messaging: 25.6%

Read more on Operating systems software