Cisco: U.S. Leads in Spam; IT Policies Not Being Followed


Congratulations America, you're number one in the world -- for spam origination.

Networking giant Cisco Systems (NASDAQ:CSCO) released its 2010 mid-year security report Thursday, identifying current trends in technology security and risks. Spam, which has been a concern since the beginning of the Internet era, continues to be an issue in 2010 and the U.S. is the leading culprit.

Cisco reported that in the first half of 2010 the U.S. was responsible for 8.98 percent of global spam. India came in second with 8.61 percent and Brazil was third at 6.71 percent. At the end of 2009, Cisco reported that Brazil was the spam leader. For the first half of 2010, Brazil's spam volume decline by 4.3 percent according to Cisco. The reason for Brazil's spam decline was attributed to ISPs in that country restricting access to port 25, which is typically used by SMTP for email relaying.

Overall Cisco sees the global volume of spam up by 30 percent over 2009, though that shouldn't be a surprise. Cisco noted that last year spam volumes were lower thanks to the shutdown of the McColo ISP at the end of 2008.

Looking beyond just the problem of spam, Cisco found that there are other deeper issues within enterprises. According to Cisco's survey data, fifty percent of respondents reported they don't respect corporate policies on social media use restrictions. More than a quarter of all respondents also admitted they actually change the settings on their devices in order to access applications that have been prohibited.

Not all organizations have usage policies for social media. Cisco reported that that only 20 percent of companies had some kind of policy in place for social networking usage.

In terms of how people are using social networking at work, Cisco's data also showed some interesting trends.

Wasting time on FarmVille

"According to Cisco data examining how its customer's employees use Facebook, 7 percent of Facebook users spend an average of 68 minutes per day playing the popular interactive game FarmVille," the Cisco report states.

While Facebook gaming activities could represent a loss of employee productivity it's not clear how much of a security risk it poses, at least for now. But Cisco's report noted that cybercriminals are believed to be developing ways to deliver malware via these online social games. The report does not however detail any specific instances about any such malware delivery.

From a risk mitigation perspective, Cisco found that 62 percent of IT decision-makers view employee education and training as their top approach for helping to ensure security. Training alone isn't enough, though, as 57 percent said they also used some form of URL filtering technology and 39 percent reported that they also used data loss prevention (DLP) technology.

Sean Michael Kerner is a senior editor at, the news service of, the network for technology professionals.