Our exclusive SC/Symantec Hosted Services survey of IT staff attitudes to online threats turned up some interesting results - there was often a disconnect between perception of threat and the reality.

In July 2010, SC teamed up with Symantec Hosted Services (SHS) to survey attitudes of IT staff to online threats. The results were revealing and often displayed a disconnect between perception of threat and the reality. This reality is neatly captured in the latest Web Threats Report from Symantec, published at the same time as our survey ran.

Taking a top-level view, CISOs and CIOs can take some comfort that IT staff are at least aware of the potential web-borne threats and their effect on the enterprise and the wider business.

However, it was significant that 93 per cent of respondents thought that the biggest risk was that ‘IT systems may run slow'. This was over and above ‘PCs becoming part of botnets' (88 per cent) and ‘Data loss' (88 per cent). This may reflect that IT staff still think in terms of hardware deficiencies and architectures rather than their increasingly important role in protecting business as a whole.

There did seem to be an understanding of how infections spread. When asked, ‘How can web users become infected with malware?', significant percentages answered ‘Downloading files' (89 per cent), ‘Visiting website' (85 per cent) and ‘Following ad on website' (84 per cent).

A downside is that IT staff seem ignorant of how the threat may have moved on. An overwhelming 73 per cent of respondents thought they would remain safe by visiting legitimate websites, while 33 per cent still seem unaware of the existence of drive-by downloads or auto-infection – which shows that a degree of education is still needed.

Symantec's Web Threats Report 2010 makes it startlingly clear. It says: “Based on an analysis of the age of blocked domains, almost 90 per cent of malicious websites are legitimate ones compromised by malware without owners' knowledge or complicity. This compares with 80 per cent in 2009. The remaining ten per cent (20 per cent in 2009) are malicious sites created by cyber criminals themselves.”

It concludes that infected websites are no longer confined to the ‘dodgy' margins of the internet: “There are now probably many tens of thousands – and 90 per cent are perfectly legitimate, often mainstream sites that, unknown to their owners, have been compromised in some way by the sophisticated, skilled and determined gangs of cyber criminals who now dominate the online ‘underworld'.”

This reality is not being confronted by IT managers, it seems. When asked how they controlled access to the web, 64.7 per cent said they blocked specific URLs. This demonstrates a lack of creative thinking and education when dealing with web threats. Black listing is useless when legitimate and approved sites are likely to have been taken over.

“Equally concerning is the fact that infection techniques have become much more cunning and virulent than they were just two years ago: in many cases, the simple act of visiting an infected website. And with cyber criminals successfully extending the lifespan of many of their threats, the odds on a user stumbling on a malware-bearing website have never been shorter,” says the Symantec report.

The SC and Symantec Hosted Services Survey ran during July 2010 and analysed the responses of 102 visitors to www.scmagazine.com/uk.

The Symantec Web Threats 2010: The risks ramp up report can be downloaded here.

The SC Studio debate on the survey and report findings is available to view here.