Inside the numbers: Messaging (in)security
In August, SearchSecurity.com surveyed 250 IT pros from a variety of industries about messaging security programs. Here are some of the questions we asked and their responses.
1.) True or false:
I am devoting more time this year to messaging security issues than last year.
True: 61.6%
False: 31.2%
We are giving more of our users mobile messaging devices like Blackberries or Treos.
True: 68.4%
False: 30%
![]() |
||||
|
![]() |
|||
![]() |
Upper management understands the need to invest in protecting messaging systems and applications.
True: 58.8%
False: 33.2%
We plan to budget more money in the next year to secure messaging systems.
True: 44.8%
False: 32%
I am worried about evolving mobile threats, such as mobile device-borne malware and data on lost/stolen devices.
True: 83.6%
False: 13.6%
Defending against viruses and worms is a problem for our organization.
True: 49.2%
False: 48%
Phishing is a threat to our business.
True: 53.2%
False: 42%
I am worried about loss/leakage of confidential information via email or instant messaging.
True: 83.2%
False: 15.2%
2.) How significant a threat do the following pose to your organization?
Email-bourne viruses, worms
Extremely significant: 26.4%
Somewhat significant: 48.4%
Not very significant: 8%
Not at all significant: 2.4%
Spam
Extremely significant: 21.6%
Somewhat significant: 45.6%
Not very significant: 12.8%
Not at all significant: 3.2%
Phishing
Extremely significant: 14.4%
Somewhat significant: 44.8%
Not very significant: 15.6%
Not at all significant: 2.8%
Instant messaging-bourne viruses, worms and Trojans
Extremely significant: 16%
Somewhat significant: 33.6%
Not very significant: 18.4%
Not at all significant: 8.8%
Botnets
Extremely significant: 16%
Somewhat significant: 34%
Not very significant: 12.8%
Not at all significant: 3.6%
Data controls of mobile devices
Extremely significant: 22%
Somewhat significant: 40.8%
Not very significant: 8.8%
Not at all significant: 2.4%
Viruses/spyware on mobile devices
Extremely significant: 17.6%
Somewhat significant: 43.6%
Not very significant: 12.8%
Not at all significant: 3.2%
3.) How effective is your organization at the following tasks related to securing e-mail systems?
Patch management
Extremely effective: 34%
Somewhat effective: 48%
Not very effective: 5.2%
Not at all effective: 2%
Securing remote/Web access to email
Extremely effective: 34.8%
Somewhat effective: 49.2%
Not very effective: 6.4%
Not at all effective: 0.8%
Managing and filtering for spam
Extremely effective: 35.6%
Somewhat effective: 50.4%
Not very effective: 5.2%
Not at all effective: 1.6%
Deploying and updating antivirus Extremely effective: 61.2% Somewhat effective: 33.2% Not very effective: 2% Not at all effective: 0.4%
Configuring/locking down messaging servers
Extremely effective: 31.2%
Somewhat effective: 42.8%
Not very effective: 4.8%
Not at all effective: 0.8%
4.) Will your organization upgrade to Exchange 2007? (Top five answers)
We don't use Exchange: 26.8%
Yes, we expect to upgrade within two or more years of its release: 19.6%
Yes, we expect to upgrade within one year of its release: 16%
We have no plans to upgrade: 14%
Yes, we expect to upgrade within 6 months of its release: 7.6%
5.) When it comes to users relying on mobile devices for email, how effective is your organization at each of the following?
Protecting stored data
Extremely effective: 13.6%
Somewhat effective: 44%
Not very effective: 12.4%
Not at all effective: 2%
Enforcing access control
Extremely effective: 22.4%
Somewhat effective: 40.8%
Not very effective: 12.4%
Not at all effective: 1.6%
Authenticating the user
Extremely effective: 34%
Somewhat effective: 40.4%
Not very effective: 5.6%
Not at all effective: 1.2%
Configuring/locking down the mobile server
Extremely effective: 18%
Somewhat effective: 39.6%
Not very effective: 8.8%
Not at all effective: 0.8%
Defending against SMS text messaging spam
Extremely effective: 6.4%
Somewhat effective: 23.6%
Not very effective: 13.2%
Not at all effective: 6.4%
Defending against mobile viruses and worms
Extremely effective: 9.6%
Somewhat effective: 33.2%
Not very effective: 12.8%
Not at all effective: 4%
Defending against mobile-bourne spyware
Extremely effective: 7.6%
Somewhat effective: 30.8%
Not very effective: 15.6%
Not at all effective: 4.4%
Establishing and enforcing sound user policies
Extremely effective: 14%
Somewhat effective: 39.6%
Not very effective: 16%
Not at all effective: 5.2%
6.) True or false:
At least some of our users rely on free instant messaging systems like AOL or MSN to communicate at work.
True: 50.8%
False: 45.6%
My organization sees IM as a breeding ground for viruses and worms
True: 51.2%
False: 40%
My organization has sound written policies for policing IM usage
True: 36%
False: 56.4%
My organization uses a corporate instant messaging product
True: 28.8%
False: 69.6%
My organization bans instant messaging
True: 31.6%
False: 67.6%
My organization currently uses a third-party product to secure IM
True: 9.6%
False: 83.6%
7.) Which of the following security steps is your organization most likely to take to defend against instant messaging threats? (Top five answers)
Update desktop antivirus software: 46%
Configure firewalls to block the use of IM on the corporate network: 33.2%
Establish and enforce a corporate IM usage policy: 28.4%
Patch IM-related vulnerabilities: 27.2%
Ban instant messaging: 25.6%