We have just wrapped up a major study focused on e-mail, Web and instant messaging security among midsized and large organizations in North America. One of the questions we asked respondents was about problems they have had during the past 12 months in messaging and Web environments. Here's what we found:

* Two out of five organizations has had a virus, worm or Trojan successfully infiltrate their network through e-mail. (Compare Patch and Vulnerability Management products)

* Nearly as many organizations have had such an exploit enter through the Web.

* More than one-quarter of organizations have had data accidentally or maliciously leaked by an employee. (Compare Data Leak Protection products)

* More than two in five organizations have experienced corruption of one or more e-mail databases.

This reveals a couple of things about the current state of messaging and Web security. First, it needs work. The fact that so many organizations have experienced infiltration of their infrastructure during the past year – despite the fact that virtually all organizations have defenses in place – clearly indicates that defenses need to be better. 

While these defenses include the usual mechanisms of antivirus (Compare antivirus products), antispam (Compare antispam products) and the like, organizations need to focus more heavily on things like Web security, reputation management and connection management. For example, a growing proportion of threats are from spam that directs recipients to Web sites that will download any of a number of malicious payloads onto visitors’ machines.

Secondly, defenses need to be deployed everywhere, including on users’ home machines, laptops and mobile devices. An employee that checks his or her corporate e-mail at home (which about 75% of employees do) puts the corporate network at serious risk if that user has not updated antivirus and other defenses adequately.

Michael Osterman is principal analyst of Osterman Research.