[ISN] Study: European IT managers have false sense of security

From: InfoSec News (isn@private)
Date: Wed Mar 16 2005 - 00:14:34 PST


By Scarlet Pruitt
MARCH 15, 2005 

Many European IT managers find their jobs extremely stressful, and
even those who feel they have done as much as they can to protect
their companies against emerging threats are operating under a false
sense of security, according to a study released today.

These conclusions were detailed in Websense Inc.'s "Stress in
Security" survey of 500 IT managers across Europe.

Although 91% of the managers said they believe their companies have
good IT security, 70% said they leave gaps open to common Internet
threats, according to the study.

Many known Web-based threats are being overlooked, and a majority of
respondents said they have no measures in place to protect against
internal hackers or phishing attacks. Phishing, a type of Internet
scam where hackers send e-mails enticing recipients to reveal
passwords or credit card numbers on bogus Web sites that resemble
legitimate Web sites, is an increasingly common type of Internet

Fifty-eight percent of the respondents said they protect against fewer
than three of the seven most common Web threats identified in the
survey, Websense said.

"The biggest problem is that they are being reactive rather than
proactive," said Websense spokeswoman Rebecca Zarkos, who worked on
the report.

For example, 35% of respondents said they are unable to stop spyware
from sending out confidential company information to external sources,
and 56% do not prevent peer-to-peer applications from being run.

Finally, 8% of the European companies surveyed said they have no
security measures beyond a basic firewall and an antivirus product in
place, Websense said. "They think they are covered by a big umbrella,
but obviously there are holes," Zarkos said.

Many IT managers see mobile workers as a threat, as 71% of survey
respondents said that corporate laptops used outside the office and
then reconnected to the network pose the greatest security risk to
their companies. Still, only 21% of the companies surveyed said they
have technical restrictions in place to secure reconnected computers,
according to Websense.

A possible reason behind the lax security is that IT managers aren't
delegating enough responsibility to end users, and too few security
policies are enforced, Websense said. Individual employees are given
too much freedom to visit Internet sites, which could potentially
infect the network and put IT mangers' jobs at risk, the company said.

And the pressure seems to show. Of the IT managers surveyed, 72% said
they think their jobs might be at risk following IT security breaches,
with Internet attacks being their greatest concern. Furthermore, 20%
of IT managers surveyed said that the stress of protecting their
companies against Internet threats is greater than starting a new job,
moving to a new house, or even getting married or divorced.

"Obviously they are feeling the stress and know that their jobs are on
the line, so maybe the problem is that they don't understand the
threats," Zarkos said.

Websense advised companies to invest in the appropriate software to
secure their networks and to focus on proactive security measures.

Bellua Cyber Security Asia 2005 -

This archive was generated by hypermail 2.1.3 : Wed Mar 16 2005 - 04:03:47 PST