EnterprisingCIO - unleash tech potential | Enterprising Club

Protecting company confidential information key element of Internet security

Websense, Inc. a global player in the domain of Web security and content protection, recently announced the findings of the SOS ‘State of Security’ survey conducted in India. The independent survey commissioned by Websense and undertaken by The Nielsen Company, India, assesses the impact of the Internet at work and gauges awareness of Internet security risks among IT managers.

The study of IT managers in 450 organisations across Delhi, Bangalore, Chennai, Mumbai and Hyderabad, included both large businesses and small and medium enterprises providing Internet access to employees at work.

“The survey findings are an eye-opener and highlight how essential it is for Indian IT managers to prioritise their IT security spend into technologies that protect organisations from emerging Web based security threats and confidential data loss,” said Surendra Singh, Regional Director, SAARC & India, Websense Inc.

The survey was conducted by The Nielsen Company, India across five Indian metros – Mumbai, Delhi, Bangalore, Chennai and Hyderabad among IT managers of 450 large (over 750 employees), medium (300 – 750 employees) and small organisations (150 – 300 employees) in India with Internet access to gauge the impact of Internet at work and security risks it poses. The organisations were chosen across key verticals – Manufacturing, BFSI, IT/ITES, Pharmaceuticals, etc – in this study.

IT managers estimate that employees spend 5 hours per week on personal surfing, the highest being employees from Delhi, who spend 12.35 hours per week. Yearly, enterprises incur a productivity loss of approximately Rs. 160,000 per employee, due to surfing non-work related Web sites during the working day. IT managers cited Banking & Finance Web sites (74%), personal e-mail/Web chat sites (62%) and news-media Web sites (53%) as the top sites accessed by employees. 32% IT managers also feel their employees access free software download sites.

IT managers believe that employees sending work documents to personal e-mail accounts (35%), clicking on links sent by unknown sources (32%) and employees who send an official e-mail to the wrong e-mail account (34%) pose great security risk to their organisation. Surprisingly, almost 31% IT managers in Chennai and 26% from Delhi seemed unconcerned about employees engaging in any of the above activities.

42% of IT managers believe their organisation is well secured against Internet security threats, while 26% agreed that their Internet security measures are average. More than half the IT managers (57%) conduct weekly or monthly security assessments, highlighting a proactive approach towards the potential IT threats. 95% IT managers have deployed anti-virus and firewall solutions.

The majority of IT managers (67%) agreed to have an Internet usage policy in place for employees. However, just over one quarter (28%) of IT managers admitted they have no way to enforce the Internet policy. 60% of IT managers in Chennai mentioned not having any Internet usage policy for their employees. And 39% of IT managers in Mumbai stated that they have a paper based policy which is signed by each employee.

53% of IT managers believe they are held responsible, if employees are found leaking confidential company information. This belief is particularly strong with IT managers in Mumbai (81%). Employees accessing restricted data on the Internet (37%) emerged as the second most important reason that IT managers believe will cause them to lose their job.

46% of IT managers admitted employee behaviour towards IT security is a key challenge in implementing and maintaining IT security. This was followed by budget constraints and IT security not getting corporate focus. 32% of IT managers believe that laptop/remote users pose a security threat to corporate networks. IT managers in Bangalore (54%) and Mumbai (49%) feel this to be an acute challenge.

IT managers across India admit that 480 security breaches occurred in 116 organisations in India in the past year, the highest being Bangalore with 182 breaches in 29 organisations followed by 100 breaches across 31 organisations in Mumbai. IT managers estimate a further increase in security breaches in India Inc. in the next year. A significant number (33%) of IT managers based in Bangalore feel the number of Internet related security breaches has increased compared to the last year.

Protecting confidential company information and retaining a trustworthy brand image for the company are the primary drivers of Internet security for IT managers.