Security optimize

New Websense survey may surprise you

We all have our own perceptions of IT security in our organizations. Here's your chance to find out what other netizens think according to Websense.

Websense provides web-filtering software. If you want to block content, it's a great company. If you are a spammer trying to get past one of their products, they suck.

I pay attention to Websense for a different reason -- their research. Time and time again, Websense has helped me understand a difficult concept. So, when I got wind of their latest report, "Security Pros and Cons: IT Professionals on Confidence, Confidential Data, and Today's Cyber-cons", I downloaded it.

Survey goals

The paper brings to light results of a survey instigated by Websense. To remove their bias, Websense commissioned research firm Dynamic Markets, Limited to ferret out opinions regarding:

  • Current threats to corporate and personal security, including advanced-persistent threats and modern malware.
  • Corporate information and data-loss prevention strategies.

It seems Websense is interested in how confident/concerned IT managers are when it comes to protecting corporate data and employees against...digital threats. To accomplish this, Dynamic Markets engaged respondents from four countries: Australia, Canada, the United Kingdom, and the United States. Those questioned included:

  • IT security managers (total of 1008) in companies with 250+ PC users worldwide.
  • General employees (total of 1004) in companies with 250+ employees worldwide.

The envelope please

Dynamic Markets asked each respondent 14 questions. Rather than rehash them all, let's look at the interesting ones. I'd be remiss if I did not mention that all the following graphs are courtesy of Websense. First question:

Are you completely confident that your company is 100 percent protected against modern malware?

Results:

What immediately struck me, was that 30 percent of those responding were sure every possibility was covered. How confident are you?

The next question sheds light on exploits encountered:

Which of the following has occurred in your organization during the last 12 months?

Results:

Close to 70 percent of those surveyed reported at least one significant event. I wonder if the IT managers in the remaining 30 percent are the ones who reported their company being completely protected?

A scary statistic: 30 percent responded that top executive's confidential data had been breached. That's a problem, as you will see in a bit.

If you are wondering what happened to the other countries, I left their results out for this and the remaining questions. The responses were similar. The graphics were such that, if I included all four countries, the text would be unreadable.

Next, the survey probed the fate of IT managers:

Which of the following could an IT manager in your organization lose their job over?

Results:

The responses to this question reaffirm one thing: Above all else, keep CEO stuff safe. The next question is up close and personal:

With respect to working with company data, which of the following have you and/or any of your colleagues within the company done in the last 12 months?

Results:

This question highlights the ongoing "us versus them" battle between employees and IT managers. The report mentions:

"Just one employee in a hundred admits to posting confidential information on a social networking site, but 20% of IT managers say that it has indeed occurred in their organization. One employee in 50 reveals that they have introduced malware onto the network-but 35% of IT managers have already seen it happen."

Whose side are you on?

At first, I did not see the point in asking the next question. It dawned on me. This is important:

If you accidentally compromised company data, who would you tell?

Results:

To me, the obvious answer is my supervisor. But then, is that the only person I would tell? Who else I tell could have significant consequences later on. Who would you tell?

The final question is interesting, yet, troubling at the same time:

In terms of your personal stress levels, which of the following would you say is less stressful than being responsible for protecting your company's confidential data?

Results:

So, 201 respondents felt getting a divorce was less stressful than protecting company data. That makes sense. Divorces are tough. On the flip side, 402 respondents out of 2012 felt getting married was less stressful.

Final thoughts

A few things stand out. Of 1008 IT managers responsible for security, 302 are confident their company is 100 percent protected. I don't know any managers being that assured.

I did expect high stress levels. Not to the point, though, where job-related stress exceeds stress associated with personal issues.

A personal note: I've mentioned my dear friend and writing mentor on several occasions. For years, he has corrected my literary eccentricities before they could annoy you. I can’t begin to describe how important he is to me.

He has cancer -- an especially nasty one.

I’d appreciate any positive thoughts you could send his way.

About

Information is my field...Writing is my passion...Coupling the two is my mission.

5 comments
wizard57m-cnet
wizard57m-cnet

Also, best wishes to your friend...I let Ansu start it off...cancer hits quite close to home...tell your friend there are many of us who wish him well, and we're working for a cure for all cancers.

AnsuGisalas
AnsuGisalas

Tell him to kick that Cancer in the shorts!

Michael Kassner
Michael Kassner

New post. Read how IT managers and employees feel about IT security. Then, let us know how you feel.