In this day and age when every penny counts, many individuals and businesses are reviewing their spending, including their security software. Over this and the next couple of posts we’d like to look at the business case for security software, so you can make an informed choice.
Yes, of course, we’re biased, being that we produce security software. But we also think there are some simple to put reasons why when you are thinking about your security spending, that your essential security software shouldn’t be on the list of things to cut.
So in this first of a short series, we’ll ask: is there a business case for anti-spam?
Let’s start by looking at security strategy, which we feel you can sum up, thus:
- Security is about keeping data safe, whether uncorrupted, stopping data being stolen or stopping unauthorized access.
- The best place to stop intrusions, theft and unauthorized access is at the perimeter of your network (i.e. before someone can actually get in).
- One of the weakest links in security software is inadvertent circumvention by end-users (clicking on a link, downloading unauthorized software, agreeing to install something by mistake etc.).
- The single easiest access to a machine (or presentation to a user) is via email, as email clients are running either all of the time, or all of the time the user is logged in (generally).
So, we can sum up further: in order to practice safe security, we are trying our very best to keep users safe, often from themselves; by which we mean, malware and phishing attacks use clever social engineering to try to trick users into doing something to make their job easier.
Your first reaction, we are sure, is that “well, we have an antivirus solution, we’re therefore safe, aren’t we?”
Most of the time, yes. But, and we speak from experience because we produce antivirus and anti-spyware products, antivirus/antimalware solutions on their own are not a 100% fail-safe solution. This is because they are signature-based (even if they have heuristics detection to aid them), and zero-hour outbreaks can occasionally defeat them. Plus, if the malware is not in a file or message received (but a link or clean attachment to it is), an initial on-access scan will not secure or ameliorate the problem.
Which brings us to anti-spam protection.
First some myths you might like to consider:
- All email comes with some anti-spam protection now, doesn’t it? – Simply put, no. Most email doesn’t, unless you opt-in and pay for it, or install and run your own. This is most especially true of business email or email service that comes with your own domain.
- Isn’t spam on the decline? – Alas, no. It’s still on the increase. In their latest report, the European Network and Information Security Agency (ENISA) noted that genuine email as a percentage of all email sent, had declined from 6% to 5%, which means that, of all email sent, fully 95% is now spam.
- Anti-spam is expensive, isn’t it? – No, not really. Stand-alone solutions (i.e. those that sit on your desktop machine) cost the equivalent of less than 8¢ per day, well, ours does.
- Anti-spam solutions are hard to install, aren’t they? – Absolutely not. Modern installers are as simple as a double-click and wait a short while. Even more complex server software is quite painless to install these days too.
So, what’s the business case, then?