The survey, of 500 European IT managers, showed 91 per cent believed they had complete or good IT security protection, but only 30 per cent were protecting themselves against common risks such as phishing, spyware and hacking tools. When married with the fact that 72 per cent believed their jobs would be on the line if a security breach took place, it makes dark reading.
"We found a massive discrepancy between perceived security and actual security," said Mark Murtagh, technical services director of IT security company Websense, who conducted the survey. "Increased mobile working is only going to make this worse. Laptops in particular are a huge problem."
One director of a top international IT firm revealed to SC in a meeting last year that his laptop (used for business and personal use) has no form of encryption or protection of data. Murtagh suggested such details were simply the tip of the iceberg. In particular he pointed to peer-to-peer networks.
"56 per cent of companies do not prevent peer-to-peer applications from running on the network," he said. "It creates huge problems. One UK firm [of 20,000 internet-using employees] recorded 10,000 malicious file downloads [in a three-week period when Websense was monitoring its activity]. There was one gigabyte of information delivered through spyware. It's amazing."
In November SC reported that confusion and complacency were creating IT security risks. The claims were made by the British Computer Society (BCS) in its end-of-year review.
A recent SC study into UK public sector bodies revealed that most do not protect themselves with intrusion prevention and detection systems, although they all have firewall and anti-virus. A full round-up of the findings will appear in April's SC magazine.