Study: European IT managers have false sense of security

IDG News Service - Many European IT managers find their jobs extremely stressful, and even those who feel they have done as much as they can to protect their companies against emerging threats are operating under a false sense of security, according to a study released today.
These conclusions were detailed in Websense Inc.'s "Stress in Security" survey of 500 IT managers across Europe.
Although 91% of the managers said they believe their companies have good IT security, 70% said they leave gaps open to common Internet threats, according to the study.
Many known Web-based threats are being overlooked, and a majority of respondents said they have no measures in place to protect against internal hackers or phishing attacks. Phishing, a type of Internet scam where hackers send e-mails enticing recipients to reveal passwords or credit card numbers on bogus Web sites that resemble legitimate Web sites, is an increasingly common type of Internet threat.
Fifty-eight percent of the respondents said they protect against fewer than three of the seven most common Web threats identified in the survey, Websense said.
"The biggest problem is that they are being reactive rather than proactive," said Websense spokeswoman Rebecca Zarkos, who worked on the report.
For example, 35% of respondents said they are unable to stop spyware from sending out confidential company information to external sources, and 56% do not prevent peer-to-peer applications from being run.
Finally, 8% of the European companies surveyed said they have no security measures beyond a basic firewall and an antivirus product in place, Websense said. "They think they are covered by a big umbrella, but obviously there are holes," Zarkos said.
Many IT managers see mobile workers as a threat, as 71% of survey respondents said that corporate laptops used outside the office and then reconnected to the network pose the greatest security risk to their companies. Still, only 21% of the companies surveyed said they have technical restrictions in place to secure reconnected computers, according to Websense.
A possible reason behind the lax security is that IT managers aren't delegating enough responsibility to end users, and too few security policies are enforced, Websense said. Individual employees are given too much freedom to visit Internet sites, which could potentially infect the network and put IT mangers' jobs at risk, the company said.
And the pressure seems to show. Of the IT managers surveyed, 72% said they think their jobs might be at risk following IT security breaches, with Internet attacks being their greatest concern. Furthermore, 20% of IT managers surveyed saidthat the stress of protecting their companies against Internet threats is greater than starting a new job, moving to a new house, or even getting married or divorced.
"Obviously they are feeling the stress and know that their jobs are on the line, so maybe the problem is that they don't understand the threats," Zarkos said.
Websense advised companies to invest in the appropriate software to secure their networks and to focus on proactive security measures.

Reprinted with permission from

IDG.net
Story copyright 2009 International Data Group. All rights reserved.