spokesperson, Websense

Many European IT managers find their jobs extremely stressful, and even those that feel that they have done as much as they can to protect their companies against emerging threats are operating under a false sense of security, according to a study out Tuesday.

These conclusions were detailed in Websense Inc.’s “Stress in Security” survey of 500 IT managers across Europe.

While 91 per cent of managers surveyed said they believe their company has good IT security, 70 per cent leave gaps open to common Internet threats, according to the study.

Many known Web-based threats are being overlooked and a majority of respondents had no measures in place to protect against internal hackers or phishing attacks, the study found. Phishing, a type of Internet scam where hackers send e-mails enticing recipients to reveal passwords or credit card numbers on bogus Web sites designed to resemble legitimate Web sites, is an increasingly common type of Internet threat. Of the seven most common Web threats identified in the survey, 58 per cent of respondents protected against less than three of them, Websense said. They think they are covered by a big umbrella, but obviously there are holes.Rebecca Zarkos>Text

“The biggest problem is that they are being reactive rather than proactive,” said Websense spokeswoman Rebecca Zarkos, who worked on the report.

As an example of not taking preventative measures, 35 per cent of respondents were unable to stop spyware from sending out confidential company information to external sources and 56 per cent did not prevent peer-to-peer applications from being run, the study found.

Finally, eight per cent of the European companies surveyed had no security measures beyond a basic firewall and antivirus product in place, Websense said.

“They think they are covered by a big umbrella, but obviously there are holes,” Zarkos said.

Many IT managers see mobile workers as a threat, as 71 per cent of survey respondents said that corporate laptops used outside the office and then reconnected to the network pose the greatest security risk to their companies. Despite this, only 21 per cent of the companies surveyed had technical restrictions in place to secure reconnected computers, Websense said.

A possible reason behind the lax security is that IT managers are not delegating enough responsibility to end users, and too few security policies are enforced, Websense said. Individual employees are given too much freedom to visit Internet sites, which could potentially infect the network and put IT mangers’ jobs at risk, the company said.

And the pressure seems to show. Of the IT managers surveyed, 72 per cent said that they think their jobs might be at risk following IT security breaches, with Internet attacks being their greatest concern. Furthermore, 20 per

cent of IT managers surveyed said that the stress of protecting their companies against Internet threats is greater than starting a new job, moving house or even getting married or divorced.

“Obviously they are feeling the stress and know that their jobs are on the line so maybe the problem is that they don’t understand the threats,” Zarkos said.

Websense advised companies to invest in the appropriate software to secure their networks, and to focus on proactive security measures.