Spyware leapfrogged ahead of viruses and worms to become the biggest security concern in 2007, according to survey results from the Computer Technology Industry Association.
CompTIA this week released the top security concerns of 1,070 businesses it surveyed earlier this year. Some 55% of those polled reported spyware as the top concern on their list; in particular, survey respondents said the volume of spyware they have to combat had increased in the previous 12 months.
"Spyware was rarely mentioned as a concern just a few years ago," said John Venator, president and CEO at CompTIA, in a statement. CompTIA commissioned the survey, which was conducted by TNS, a global-marketing insight and information group, to gain insight into security concerns across organizations of various sizes and vertical markets. "It's another example of how information-security threats are moving targets that can pose great challenges to even the most security-conscious organization," he said.
A close second to spyware was a lack of user awareness, which worried 54% of survey respondents. Close to 50% cited viruses and worms as their biggest concern, and about 45% said authorized-user abuse represents a security issue. Rounding out the top five concerns cited in the 2007 survey was browser-based attacks, with more than 41% citing that as a cause for worry.
Looking ahead, 20% of survey respondents said they see viruses and worms as threats in 2010, while 14% said they think spyware will continue to be a concern. Nine percent cited wireless access as a potential security issue in 2010, and 9% said the same about e-mail and e-mail attachments. Organizations are less concerned about phishing and social-engineering attacks: Just 5% said they are cause for concern. Another 5% mentioned remote access as a potential security problem in 2010.
CompTIA says organizations are increasing their IT spending on security technology and training. "Nearly one-half indicate they intend to increase spending on security-related technologies, and another one-third expects to increase spending on security training," Venator said.