How are IT managers coping with today’s threat landscape? Are they properly protected against the latest data-stealing malware? And would employees report if they compromised corporate data?
To find out these answers and more, Websense commissioned a survey of 1,000 IT managers and 1,000 non-IT employees in the U.S., UK, Canada, and Australia about the latest threats to corporate and personal security, including modern malware and APTs.
The research reveals that serious data breaches have occurred compromising CEO and other executives’ data, confidential customer data, and data necessary for regulatory compliance.
IT managers are feeling the pressure and saying that data loss incidents put their jobs on the line and that the stress of managing their company confidential data is greater than divorce, managing personal debt, or a minor car accident. But help is on the horizon as headline-grabbing security incidents have promoted data security talks amongst top management and have driven focus on security, including the need for additional budget.
Stress of security
86 percent said that their job would be at risk if a security incident were to occur, including if a CEO or other executive’s confidential data is breached (36 percent); data needed for compliance is lost (34 percent); and if confidential information is posted on a social networking site (34 percent).
Shockingly, a full 24 percent reported that the CEO’s or other executives’ confidential data had been breached. 34 percent report losing data needed for compliance. 34 percent state that confidential information has been posted on a social networking site and 37 percent say that data has been lost by employees.
20 percent stated that data affected by regulatory compliance was compromised. 20 percent have seen confidential information posted on social networking sites. 34 percent of employees who accidentallycompromise data wouldn’t tell their boss.
72 percent say protecting company data is more stressful than getting a divorce, managing personal debt, or being in a minor car accident. 14 percent say losing their job would be less stressful than staying in their current role.
There are indications that antivirus and firewall solutions may have been oversold as a panacea, creating a false sense of security. While AV and firewalls are still certainly necessary, they are not sufficient to stop modern malware and advanced data-stealing attacks. Only 48 percent of respondents use systems that prevent confidential data from being uploaded to the web. Yet 60 percent worry about advanced persistent threats and 19 percent said they have been a victim of this type of attack.
Hope on the Horizon
91 percent of IT security managers report that new levels of management have engaged in data security conversations in the last year, including the head of IT (43 percent), managing director (38 percent), and CEO (33 percent). This means that until recently, the head of IT was often not involved.
More than 60 percent of IT managers concede that recent well-publicized security incidents have affected their planning. Most have made multiple changes: more than 40 percent have increased spending, focused attention internally on testing and overhauling existing policies, have implemented new solutions, and imposed new restrictions on users. Nearly a quarter have begun or accelerated a full DLP project.
The complete survey is available here (registration required).