Corporate computer users have a cavalier attitude to IT security in the workplace, a new report claims.
The warning comes from security firm Trend Micro in a new study into corporate end-user experiences and perceptions of security threats.
The study tracked responses from 1,200 corporate users across the US, the UK, Germany and Japan and compared them to analysis from Trend Micro's global threat research network and a similar study in 2005.
US respondents are generally more confident in the protection provided by corporate computers, according to the report.
About 40 percent believed that their work computers are better protected than their home computers against spam, spyware and phishing, and are more likely to click on suspicious links or websites using their work computers.
However, US respondents are also more likely to take most security threats seriously, especially relative to respondents from the UK.
Some 60 percent of US respondents indicated that they view spyware as a serious threat, while only 48 percent of UK end users viewed it as such.
Similarly, 48 percent of US end users recognised the danger of spam, while only 27 percent of UK end users perceived this to be a serious threat.
While end users in certain countries recognise the seriousness of threats, it seems that they are also more likely to take risks and open suspicious documents or click on suspicious links while using corporate computers.
Trend Micro puts this down to the availability and reliance on support teams in the corporate environment.
Users feel less personally responsible for security at work and more responsible on their home computers when their personal security is at stake.
Both sets of research found an increase in spam between 2005 and 2007, but UK respondents generally perceived security threats to be less serious in 2007, and fewer corporate end users in the US acknowledge having received spam.
The respondents in Germany, by contrast, consider all threats to be more serious in 2007 compared to 2005.
The research showed that digital threats increased 163 percent between December 2005 and November 2006. Web threats in particular grew by 540 percent from January 2005 to January 2007.
Despite these increases, end users may show a lack of concern for the seriousness of threats owing to the silent and invisible nature of many new infection methods.
All users continue to be most aware of viruses, spam and spyware. In Japan the awareness for spyware increased significantly from 76 percent in 2005 to 93 percent in 2007.
Although four in 10 respondents in all countries indicated that they have received more spam over the past three months, US respondents reported an overall decline in spam from 84 percent in 2005 to 72 percent in 2007.
The number of respondents who encountered spyware declined in the US by 41 percent in 2005 compared with 2007, and in Germany by 23 percent in 2005 compared with 19 percent in 2007.
But the drop was most notable in the UK at 42 percent in 2005 compared with 26 percent in 2007.
It is also likely that the decrease in spyware may be due to the greater complexity and sophistication of attacks, and that end users are less able to identify silently installing malicious code.
The report concludes by urging the continued education of corporate end users, especially given the increased number and sophistication of spam and phishing attacks.
Spam and phishing attacks often include links to sites hosting malicious threats such as spyware. Infections through this route pose a serious threat because victims of such attacks become vulnerable to personal and corporate information theft.
Corporate PC users are the weakest link
By Staff Writers on Jul 4, 2007 5:04PM