A survey of security in Indian organisations presents a fascinating insight into the risks perceived by IT professionals there.
The Websense SOS “State of Security” survey questioned IT managers in 450 organisations in Delhi, Bangalore, Chennai, Mumbai and Hyderabad, included both large businesses and small and medium enterprises.
Key findings include:
Time spent on non work-related Web sites
IT managers estimate that employees spend 5 hours per week on personal surfing. IT managers cited banking & finance Web sites (74%), personal e-mail/Web chat sites (62%) and news-media Web sites (53%) as the top sites accessed by employees. 32% IT managers also feel their employees access free software download sites.
Employees key to IT security
IT managers believe that employees sending work documents to personal e-mail accounts (35%), clicking on links sent by unknown sources (32%) and employees who send an official e-mail to the wrong e-mail account (34%) pose the greatest security risk to their organisation.
Organisation's Internet security
Some 42% of IT managers believe their organisation is well secured against Internet security threats, while 26% agreed that their Internet security measures are average. More than half the IT managers (57%) conduct weekly or monthly security assessments, highlighting a proactive approach towards the potential IT threats. 95% IT managers have deployed anti-virus and firewall solutions.
Adherence to Internet policy
The majority of IT managers (67%) have an Internet usage policy in place for employees. However, just over one quarter (28%) of IT managers admitted they have no way to enforce the Internet policy.
IT managers' job risk
Some 53% of IT managers believe they are held responsible, if employees are found leaking confidential company information. This belief is particularly strong with IT managers in Mumbai (81%). Employees accessing restricted data on the Internet (37%) emerged as the second most important reason that IT managers believe will cause them to lose their job.
Web is the key source that can infect the network
IT managers believe Web (48%) followed by e-mail (46%) to be a key source of network infection.
Employee behaviour a key challenge in implementing and maintaining IT security
46% of IT managers admitted employee behaviour towards IT security is a key challenge in implementing and maintaining IT security. This was followed by budget constraints and IT security not getting corporate focus. 32% of IT managers believe that laptop/remote users pose a security threat to corporate networks
The survey was conducted by The Nielsen Company, India Mumbai, Delhi, Bangalore, Chennai and Hyderabad among IT managers of 450 large (over 750 employees), medium (300 -- 750 employees) and small organisations (150--300 employees).