How are IT managers coping with today’s fast-changing threat landscape? Are they properly protected against the latest data-stealing malware? And would employees report if they compromised corporate data? To find out these answers and more, US-based Websense, Inc., a content security and data theft protection provider, commissioned independent research firm Dynamic Markets to survey 1,000 IT managers and 1,000 non-IT employees in the U.S., UK, Canada, and Australia about the latest threats to corporate and personal security, including modern malware and advanced persistent threats (APTs).
“This survey shows that companies need to recalculate their assumptions about how well their data is protected,” said Fiaaz Walji, Websense Canadian country manager. “Advanced threats are using attack elements and methods that AV was not designed to address–and are written and tested specifically to bypass AV. Companies need a robust, layered security strategy–like our Websense® TRITON™ solutions–that can truly protect them from modern malware in the wild and effectively keep their confidential data protected however it’s being used.”
The Canadian research reveals that serious data breaches have occurred compromising CEO and other executives’ data, confidential customer data, and data necessary for regulatory compliance. IT managers are feeling the pressure and saying that data loss incidents put their jobs on the line and that the stress of managing their company confidential data is greater than divorce, managing personal debt, or a minor car accident. But help is on the horizon as headline-grabbing security incidents have promoted data security talks amongst top management and have driven focus on security, including the need for additional budget. Click here to download the full report entitled Security Pros & ‘Cons’: Canadian IT professionals on confidence, confidential data, and today’s cyber-cons. (Registration required on Websense to download the report)
Key Canadian Findings:
* Data breaches put IT jobs on the line. More than 80 percent said that their job would be at risk if a security incident were to occur, including:
- if a CEO or other executive’s confidential data is breached (38 percent)
- data needed for compliance is lost (32 percent)
- if confidential information is posted on a social networking site (34 percent)
* Shockingly, a full 30 percent report that the CEO’s or other executives’ confidential data had been breached. 22 percent report losing data needed for compliance. 23 percent state that confidential information has been posted on a social networking site and 40 percent say that data has been lost by employees.
* Hidden data loss – A suspiciously large gap in the experience of IT managers and confessions from employees indicate extensive under-reporting on security breaches. Just two employees for every 100 admit to posting confidential information on a social networking site, but 23 percent of IT managers say that it has indeed occurred in their organization. One employee in 100 reveals they have introduced malware onto the network – but 32 percent of IT managers have already seen it happen. And it gets worse: if employees did accidentally compromise company data, 30 percent of them would not tell their boss.
* Canadian IT managers feel that getting a divorce or getting married was LESS stressful than protecting the company’s confidential data. In addition, 11 percent said that losing their job was a less stressful event and 20 percent would rather start a new job!
* Sufficient Protection – Necessary but not sufficient. There are indications that antivirus and firewall solutions may have been oversold as a panacea, creating a false sense of security. While AV and firewalls are still certainly necessary, they are not sufficient to stop modern malware and advanced data-stealing attacks. Only 49 percent of respondents use systems that prevent confidential data from being uploaded to the web. Yet 61 percent worry about advanced persistent threats and 21 percent said they have been a victim of this type of attack. However, as a result of recent high-profile data breaches, 19 percent began or accelerated a data loss prevention project.
* Data security talk now involves top management. More than 90 percent of IT security managers report that new levels of management have engaged in data security conversations in the last year, including the head of IT (42 percent), managing director (37 percent), and CEO (36 percent). This means that until recently, the head of IT was often not involved.
* Headline-grabbing security incidents are impacting IT planning. More than 60 percent of IT managers concede that recent well-publicized security incidents have affected their planning. Most have made multiple changes:
- more than 40 percent have focused attention internally on testing policies, increased spending, imposed new restrictions on users
- 35 percent have implemented new solutions
- Nearly a fifth have begun or accelerated a full DLP project