Users are a bigger headache than hackers: survey

Poll shows concern about user actions is high

IT managers are more concerned about end-user abuse of IT systems than attacks from hackers and other threats, according to new research.

The 2007 State of Security Report, sponsored by security vendor Websense, surveyed 158 employees and 159 IT managers at Australian companies with more than 50 staff.

Managing end-user online activity is the most frustrating part of the IT manager role, according to the survey, which found 59% of surveyed companies do not block peer-to-peer file sharing, while 47% don't enforce internet usage policies through filtering applications.

Budget constraints were the second highest concern, and were reported by 48% of IT managers. Other conceerns cited include lax attention to security (25%) and ease of deployment (18%).

Most organisations (87%) deployed multiple URL filters, with phishing scams listed as the biggest threat (58%), followed by spyware (56%) and instant messaging (51%).

Lost banking details (30%) and credit card numbers (20%) are considered worse than having company data stolen (17%), according to end-user responses.

Up to 117 (74%) of the non-IT staff surveyed thought they could be sacked for leaking secret company documents or viewing pornography, while 100 (63%) considered introducing spyware and viruses a dismissible offense.

IT managers were slightly more relaxed, according to the survey. Employees would be axed if they leaked sensitive documents according to 56% of IT managers, letting viruses loose on company networks (52%), and downing pornography (34%).

IT managers and employees clashed over the time end-users wasted browsing the internet for personal use. IT staff claimed non-IT users spend 1.5 hours per day visiting banking sites, reading news, accessing personal email accounts and visiting jobs sites.

However users argued the figure is closer to 45 minutes per day, and they spend about 85 minutes surfing the web as part of their job.

Queensland end-users may be Australia's most ardent workers, according to responses which showed they splurge 30 minutes of paid time per day browsing the internet for personal reasons, compared to the equivalent New South Wales figure of 53 minutes.

However, the figure falls short by more than an hour, according to their IT managers, who estimated they waste more than 95 minutes a day on the web.

More than a third (37%) of employees do not make up for time wasted on the internet, while 28% work 15 minutes longer, and 17% put in an extra 30 minutes.

Join the newsletter!

Error: Please check your email address.

Tags hackersmanagementuserswebsense2007 State of Security

Show Comments
[]