The Hindu Business Line : Chief information officers concerned over Web security threats: Survey

Pune May 24 A survey of 450 Indian chief information officers (CIOs) has shown that 57 per cent of the Indian enterprises have received phishing lures during the last one-year and over a third of Indian companies, close to 38 per cent, have been the victims of spyware attack.

The survey was conducted by Websense Inc. The survey shows that 65 per cent of Indian CIOs are concerned about security threats emanating from the Web (cumulative score of 7.8 on a scale of 1-10). Of these, about 79 per cent of the CIOs have been concerned about Web security.

An interesting fact is that the CIOs from Mumbai (72 per cent) and Bangalore (71 per cent) seem to be little more hyper about the Web threats compared with their counterparts from Chennai (51 per cent) and Hyderabad (45 per cent). Over 55 per cent of organisations in the country are believed to have received viruses and worms into their corporate network due to their employees surfing the Web.

CIOs felt that these have been the result of some of their employees exposing their corporate networks to security threats which included free software downloads, use of instant messaging tools, proxy avoidance sites, visiting malicious Web sites and pop-ups.

Though the companies have been at the receiving end, they are unable to quantify the financial loss that has occurred.

Computing Devices

The report also notes that Chennai-based organisations have been the most targeted among the Indian cities with 49 per cent receiving spyware attacks.

The top three issues that have cropped up are the employee use of bandwidth clogging applications (such as streaming media), use of instant messaging and pop-up ads, with the exception of Chennai where system issues such as `downtime due to malware' and `spyware on employees' workstations' apart from pop-up ads emerged as the top three concerns for the IT departments.

About 47 per cent of the organisations surveyed agreed that mobile computing devices such as laptops, PDAs and mobiles have heightened the threat to their security compared with last year. The survey was conducted at four locations in India — Bangalore, Mumbai, Chennai, and Hyderabad between January and March 2007.

Protecting Network

Four hundred and fifty organisations were identified on the basis of PC penetration and classified as small (up to 100 PCs); medium (101-1,000 PCs) and large (over 1,000 PCs) and 150 organisations from each category across industry verticals were targeted.

It received responses from 320 organisations, comprising of medium (43 per cent) and large enterprises (46 per cent). About 65 per cent IT decision-makers from middle and senior level management responded to the survey and were mainly from IT/ITES (33 per cent), manufacturing (23 per cent), BFSI (11 per cent), education (9 per cent) and the rest (24 per cent) from other industry segments.

The survey result concludes that the Web is fast becoming a vector of security attacks and Indian CIOs should look at protecting their network and they would benefit by monitoring what Web sites employees are surfing and limit them from accessing sites that are malicious in nature and unproductive.