The 11 September terrorist attacks have done more than
government regulation, computer hacking and virus attacks to
persuade businesses to improve their IT security, a survey of 250
chief security officers in multinational companies has
revealed.
Over the past six months companies have hardened their systems
against attacks from internal and external hackers, improved access
control and reviewed the security policies of their suppliers,
according to the survey by RSA and CSO.
Fewer organisations are relying on passwords alone to protect
their systems, with two-thirds of the chief security officers
reporting that their companies had installed more advanced forms of
authentication.
Twenty per cent said they made significant use of authentication
tokens, 12% made significant use of smart cards, and a third were
significant users of encryption. Some 9% said their companies were
moderate users of biometric technology.
Nearly half the security managers said they had reviewed the
security policies of their suppliers over the past six months, and
80% said they had changed the way they storied sensitive customer
and employee information over the past 18 months.
The security officers questioned said they were most concerned
about the impact of denial-of-service attacks on their businesses,
reflecting fears that a truly massive attack could bring down the
whole internet, with enormous consequences for the global
economy.
Computer hacking and the theft of sensitive corporate
information were also high on the list of the chief security
officers' worries, followed by the potential impact of future
terrorists attacks on their businesses.
Many chief security officers admitted that they were more wary
of giving their personal details when buying online following
publicity over hacking attacks and data theft.
Over 40% said they had changed their behaviour when entering
personal data into the web: 28% suggested they were more careful
when using a credit card online, while 24% said they had reduced
the frequency of their online purchases.
Only 22% described passwords as a highly effective security
method, compared with nearly half who described token-based
authentication and encryption as highly effective.