Many European IT managers find their jobs extremely stressful, but even those that feel that they have done as much as they can to protect their companies against emerging threats are operating under a false sense of security, according to a study out tomorrow.
These conclusions are to be detailed in Websense's "Stress in Security" survey of 500 IT managers across Europe.
While 91 percent of managers surveyed said they believe their company has good IT security, 70 percent leave gaps open to common internet threats, according to the study.
Many known web-based threats are being overlooked and a majority of respondents had no measures in place to protect against internal hackers or phishing attacks, the study found.
Phishing, a type of internet scam where hackers send emails enticing recipients to reveal passwords or credit card numbers on bogus websites designed to resemble legitimate websites, is an increasingly common type of internet threat.
Of the seven most common web threats identified in the survey, 58 percent of respondents protected against less than three of them, Websense said.
"The biggest problem is that they are being reactive rather than proactive," said Websense spokeswoman Rebecca Zarkos, who worked on the report.
As an example of not taking preventative measures, 35 percent of respondents were unable to stop spyware from sending out confidential company information to external sources and 56 percent did not prevent peer-to-peer applications from being run, the study found.
Finally, 8 percent of the European companies surveyed had no security measures beyond a basic firewall and antivirus product in place, Websense said.
"They think they are covered by a big umbrella, but obviously there are holes," Zarkos said.
Many IT managers see mobile workers as a threat, as 71 percent of survey respondents said that corporate laptops used outside the office and then reconnected to the network pose the greatest security risk to their companies. Despite this, only 21 percent of the companies surveyed had technical restrictions in place to secure reconnected computers, Websense said.
A possible reason behind the lax security is that IT managers are not delegating enough responsibility to end users, and too few security policies are enforced, Websense said. Individual employees are given too much freedom to visit internet sites, which could potentially infect the network and put IT mangers' jobs at risk, the company said.
And the pressure seems to show. Of the IT managers surveyed, 72 percent said that they think their jobs might be at risk following IT security breaches, with internet attacks being their greatest concern. Furthermore, 20 percent of IT managers surveyed said that the stress of protecting their companies against internet threats is greater than starting a new job, moving house or even getting married or divorced.
"Obviously they are feeling the stress and know that their jobs are on the line so maybe the problem is that they don't understand the threats," Zarkos said.
Websense advised companies to invest in the appropriate software to secure their networks, and to focus on proactive security measures.