Bosses are biggest threat to IT security

Bosses are the biggest threat to corporate data because they use their personal IT devices to upload and download work on the corporate network, according...

Bosses are the biggest threat to corporate data because they use their personal IT devices to upload and download work on the corporate network, according to new research.

Sourcefire, the creator of Snort, an open source network intrusion detection system, found that 96% of UK senior managers and directors and 69% of employees use personal devices for work tasks, and 71% move data on and off the corporate network via these devices.

Almost all (98%) staff had personal email accounts and one in four had used it for work during the past year. The most common use was to send urgent emails when the corporate email was down (18%), and 12% had used it to receive legitimate work documents that were being blocked by the company firewall.

Some 83% of employees admitted such actions posed a risk to their organisation's IT security, but if banned, one in three would just carry on regardless. In fact, 27% said the company should welcome their commitment to completing their work.

The firm said threats emerging from greater use of the internet and mobile computing were increasing the complexity of firms' IT security platforms and dividing responsibility for dealing with them.

Half the staff thought everyone was ultimately responsible for IT security, but 41% thought it was up to IT, and 7% named the IT director or CIO.

Only 30% of respondents were given specialist software or apps to protect them from IT security threats.

Three-quarters of respondents said the government should be doing more to provide a safe internet environment, but 60% of IT security managers criticised government initiatives to combat cyber crime.

IT security managers expected cloud computing to take off, but 87% expected it to raise more security challenges. Almost eight in 10 believed that other large IT companies, as well as Microsoft, would face attacks from cyber criminals in the next few years.

Just over nine out of 10 said their IT department was not able to provide complete protection from cybersecurity threats, but 86% said their organisation did not expect it to. Even so, nine of 10 spent some time researching emerging cyber threats. This 7.5 man-days/month, but could rise to 30.

The market research was conducted by Dynamic Markets and involved quantitative research with employees and IT managers in large organisations in the UK. A sample of 551 interviews was collected with employees in large UK and 111 interviews were collected with IT security managers, IT managers and IT directors with knowledge of and/or responsibility for the organisation's IT security.

Read more on Hackers and cybercrime prevention