SOS for security shortfall

16 Mar 2005

Many European IT managers are complacent about computer security, a new survey indicates. Although more than nine out of 10 believe their security systems are complete, in reality less than a third were found to protect themselves against known threats.

The Stress of Security report commissioned by the internet management systems provider Websense found that 70pc of IT managers in Europe are vulnerable to internet risks, even though they are frequently already aware of them. The research identified seven threats including phishing attacks, spyware, hacking tools, risks associated with peer-to-peer applications, as well as a range of other malicious software types.

The survey claims that common web-based threats are being ignored; 58pc of respondents said they protect against less than three of the seven common web threats identified in the survey. Some 26pc of respondents said they protect against just one of these.

Breaking the figures down in more detail, 62pc are unable to block phishing attacks; 56pc do not prevent peer-to-peer applications from being run on the network; 35pc are unable to stop spyware from sending out potentially confidential information from their company to an external source.

A very low figure – just 3pc of IT managers – said they had experienced internal hacking attempts, but it emerged that a much greater amount – 60pc – lack the ability to detect any such attacks in the first place as they don’t have software in place to do so.

The research also revealed that 8pc of European companies have been exposed to all of the identified internet threats by not having security measures in place other than a basic firewall and antivirus solution.

Just under three quarters (72pc) of European IT managers believe their jobs might be at risk following potential IT security breaches. The top concern outlined in the survey was an internet security breach.

Laptops, which are used outside the office and then reconnected to the network, pose a major security risk, according to 71pc of respondents. However, only 21 percent of companies have technical restrictions in place to secure disconnected laptops.

The survey concluded that employees may often be left to their own devices as far as IT security is concerned. Only 40pc of companies enforce and automate internet usage policies through technology for desktops. This figure drops to 21pc for laptops. In effect, this means that staff are often free to access any kind of website and download applications while at work – activities which could potentially bring malicious software into the company.

The report is an independent report undertaken by Dynamic Markets on behalf of Websense. It details quantitative research based on responses from 500 IT managers who have responsibility for IT security in companies across the UK, Germany, France, Italy and the Netherlands employing more than 250 staff.

By Gordon Smith