What Should You Think About Spam Statistics?

Written by Jeff on July 26, 2012

Anyone reading the news lately has seen that thanks to security researchers Grum, one of the world’s largest botnets in the world, has been disabled.

Businesses and security experts have been reveling in the news because it means less spam. That’s always a good thing. But when events like this happen, we tend to get over confident. Especially when the facts start flying.

If you search on Google for the term Grum botnet you will be presented with over 300,000 results. Many of these go into great detail about the amount of spam that this army of zombie computers was responsible for.

In this case, three different numbers seem to be flying around. Some claim that the botnet was responsible for half the world’s spam while others give it credit for 20 percent of all spam.

And that’s not the only example of statistics being a bit misleading.

For months we have been hearing about how the levels of spam have declined. There have been plenty of numbers to “prove” that spam is going the way of the dinosaur.

In 2011, headlines read:

Much of this fervor was in line with the takedown of Rustock, but still the claims were made that spam was on the run.

This was then followed by spam’s rise to epic levels in August of the same year according to The Threat Post blog.

So what gives?

It is easy to accuse the IT industry of using such statistics to scare people into buying expensive security products. However in an instance like this, telling the public that the amount of spam will be cut in half really doesn’t do much to kick their adrenaline and fear into high gear.

Add to it the fact that these numbers are coming from industry neutral publications and we really can’t point the finger at marketing tactics.

Actually, seeing numbers like this would likely have the opposite effect. Organizations who may be looking into an anti-spam solution would likely reconsider if they felt that spam poses less of a threat.

Consider the fact that spam levels ebb and flow throughout the year as well. When a large botnet is dismantled, spam levels are sure to fall. Likewise advancements in spam fighting technology will also keep the number of junk mail at bay.

Conversely, when cyber criminals come up with new techniques to defeat security measures spam picks up production. When there is something big in the news cycle that spammers can capitalize on, there will always be an uptick as well.

What is a company to do?

A while back, I wrote about how a large number of articles on the Web were telling people that the levels of spam had been falling over the past few years. These numbers came from security companies who published statistics on what was being stopped by their products.

A survey of IT professionals who deal with spam on a daily basis told a different story. According to the people in the trenches, they were still getting too much spam.

To me, the solution is rather simple. The statistics tell a story of what is going on, but each individual organization needs to assess their business and the effect that spam has on it. Only then can they decide on what the best strategy for them is. Ask yourself:

  • Is the level of spam too high for my users?
  • Are there regulatory or legal issues I have to deal with?
  • Can my business survive damage to its reputation if it is accused of sending spam?

Only after assessing what dangers spam poses to your company will you be able to determine the best course of action. Let your needs, not the statistics, drive you to do the right thing.

The mistake that is made all too often is making decisions based on reactions. By proactively planning and addressing threats before they cause damage an organization can keep their users and resources safer. When decisions are made with the right information and they are made to address the individual needs, the solution works out.

Join the discussion – Tell us what your thoughts about spam related statistics in the comment section.

Comments

Cathy Tess July 28, 2012

As with any statistics, spam statistics are to be taken with a grain of salt. I don’t mean they lie but in the best case these are all estimates. Also, I don’t care about the global drop or even total extinction of spam when my inbox is flooded with all sorts of it. To me these statistics are nice figures for purely informational purposes, not a basis for a multi-million decision.

Emily Soon July 28, 2012

100% of those who quote statistics are misleading people. Sue me if I’m wrong.
It is always about context. Provide the context and the perspective will be different.

Additionally, how can anyone determine the total number of spam that the entire world population is getting, anyway? That by itself is suspect. The best thing that one can do is speculate. You can’t even call it an approximation. It is mere speculation.

Yes, I agree, statistics are only good if it is deemed relevant to an organization. Is spam and phishing attacks falling, as well, for your organization? If it’s not, would you feel confident even if there are articles stating spam numbers are falling? I don’t think so.

  • (required)
  • (required)