IT managers ignorant of emerging net threats: Websense

The survey found only one in four Australian organisations use the latest software protection.

The 2004 Web@Work study showed 26 percent of the businesses surveyed used spyware protection and instant messaging (IM) security, while 24 percent had peer-to-peer file sharing safety measures and 23 percent had protection against online hacking tools.

Ninety-seven percent of IT managers were "confident that their company's current antivirus software is sufficient to protect their network from outbreaks", yet 45 percent reported their networks had been infected by a Web-based virus within the last 12 months.

Additionally the survey results showed spyware - a technology that surreptitiously records Web surfing patterns, keystrokes and passwords to relay back to a host Web site - ranked number one in all IT helpdesk issues with 23 percent of the total complaints share.

Websense territory manager for Australia and New Zealand, Graham Connolly said "spyware is rapidly becoming a significant problem for Australian organisations".

"One of the most common ways for an employee to infect their organisation's network with spyware is when they download some apparently free software that doesn't have a business use, such as P2P file sharing or media players. But there is no such thing as a free lunch," he said. "Frequently the 'freebie' software generates income for its creators by bundling itself with spyware."

Additionally, 64 percent of organisations reported to have been the target of a phishing scam.

The survey tallied the top five Internet-related help desk issues as spyware (23 percent), unlicensed software (20 percent), employee use of bandwidth clogging applications (19 percent), employee use of IM (11 percent), employee use of P2P (9 percent).

Almost 45 percent of respondents reported to have been infected by a Web-based virus, according to Websense, despite 20 percent of the organisations claiming to be "extremely confident", and 45 percent "very confident" in their current antivirus software. A further 24 percent reported to be "somewhat confident" in their organisation's antivirus protection.

"This statistic highlights a dangerous level of complacency with regard to the risks of conducting business via the Internet. Organisations need to consider a multi-layered approach to security: traditional perimeter and point protection such as a firewall and antivirus software are insufficient if operating in isolation," said Connolly.

The survey also found that 33 percent of the responding Australian organisations had experienced a "hacking attack by a tool that was installed inside the network by an employee," according to Websense.

IM has been banned by 52 percent of organisations, according to the research, largely due to security issues.

"Like a Web browser, while IM can provide organisations with a highly efficient business tool, it also introduces significant risks," said Connolly.

"Sensitive documents may inadvertently - or even maliciously - be sent outside of an organisation; virus-laden attachments may find an unmanaged path into an organisation; and copyrighted or illicit media can be exchanged via attachments. And all without ever being detected or secured by IT staff."

Of the respondents, 72 percent reported to have written Internet access policies.