Businesses are leaving themselves open to IT security risks despite
evidence that hacking and viruses are resulting in increasing
business interruptions.
Just over half of businesses have continuity plans, and only half
of these have been tested, a survey of 495 chief information
officers, IT directors and executives around the world by
consultancy Ernst & Young reveals.
Forty per cent of the companies questioned do not investigate a
security breach, despite the possibility that hackers may have
planted malicious code or back doors.
Many firms have failed to take basic security measures, the
research shows: 19% do not have anti-virus procedures; 28% do not
use access management, although 66% do use firewall management.
Two-thirds of the organisations surveyed admitted that poor
employee awareness of security is a problem, but less than half offer
training.
On the positive side, the survey shows that 74% of organisations
have an information security strategy, and 70% are planning to
enhance their business continuity and IT disaster recovery plans.
Nearly half of the companies surveyed do not recognise business
continuity as part of their corporate strategy, but as a technical
issue for the IT department.
About 60% of the respondents expect to become more vulnerable as
use of the Internet grows, but only 40% feel "very confident" of
their ability to detect attacks.
Fifty-six per cent of organisations said that hardware and software
failures were the biggest cause of system unavailability, followed
by telecommunications failure.
Malicious attacks, operational errors, system capacity and supplier
failures were ranked by 25% of the respondents as causes for system
unavailability.