Lack of organisational support hinders IT’s ability to enforce email security policies and practices, a study claims.
The research, conducted at the RSA Conference 2005 by Sendmail Inc, which describes itself as a provider of email security infrastructure, also highlighted the impact executives have on user attitudes towards email security.
Sendmail polled 141 IT and security professionals at RSA on enterprises’ approaches to email security. One-third (34pc) of respondents said the rise in emerging attacks, such as phishing, has increased executives’ awareness of the need to invest in email security. Despite this, 71pc feel that they don’t have enough executive support when it comes to protecting their email network. According to the company, the survey indicates that the lack of support not only impacts the IT department’s ability to implement critical security policies and practices, but also affects users’ attitudes towards following them. This is preventing nearly one-fourth (23pc) of organisations from taking proactive measures against emerging threats, and is causing 27pc of users within an organisation to ignore email security policies.
Inflated opinions
The survey also indicated that executives have inflated opinions of their organisation’s email security, it is claimed. When asked, one in three executives were more confident in their organisation’s email security than users or IT managers. Research also showed that more than half of IT professionals (53pc) said they believe executives underestimate the effect a breach in email security would have on their businesses.
A related study commissioned by Sendmail in February 2005 found that executives and users have weak attitudes towards email security adoption. The study reports that nearly half (49pc) of executives require significant convincing or want to spend as little as possible on email security, while in 36pc of the companies surveyed, users want to do as little as possible to make email secure.
The study also highlighted that many enterprises are still taking a reactive approach to email security. It found that 25pc of organisations do not have a formalised email security policy in place. The research indicated that in 41pc of organisations, significant investments in email security systems and upgrades were only made after an executive mandate, DoS attack or other security breach.
What they say
“Achieving email network security throughout an organisation can be extremely difficult and a daunting task,” said John Stormer, senior vice president of worldwide marketing of Sendmail, Inc. “In order to do so, enterprises must realise that technology alone is not the solution – all parts of the business must align to support these practices and policies throughout the organisation.”




