News

Security - have we learnt nothing?

Mike Simons
Corporate information systems remain vulnerable to cyber attacks, despite the increased security focus following last year's 11 September terror attacks.

Separate surveys from Computer Sciences Corporation and venture capitalists 3i highlight how far many organisations are from instituting basic best practice procedures.

The CSC survey, of more than 1,000 IT executives worldwide, found 46% did not have a formal information security policy in place and 59% lacked a formal compliance program.

A shocking 68% admitted they did not regularly conduct security risk analyses or security status tracking.

"While most IS professionals recognise the benefits of protecting and securing data, the business leadership in the organisation still sees security as a 'nice to have' rather than a 'need to have'," said Ron Knode, CSC's global director, managed security services. "It's not until something goes wrong that perceptions change. The fact is, it costs far less to establish the right security measures at the outset than it does to recover from a breach in security."

Knode added: "There has been significant media attention focused on the risks of cyber terrorism. While cyber terrorism is a very real concern, disgruntled employees or hackers also pose a risk to an organisation's data and intellectual property."

Allan Carey, senior analyst at market researcher IDC, echoed this. "With the majority of attacks it tends to be the insider who is the larger threat," he said in a comment on 3i's E-security - 2002 and beyond white paper.

The survey, carried out with the Economist Intelligence Unit, warned that 80% of firewalls were incorrectly installed and claimed that the telecoms industry was the least alert of any business sector to the importance of e-security.

Email Alerts

Register now to receive ComputerWeekly.com IT-related news, guides and more, delivered to your inbox.
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
 

COMMENTS powered by Disqus  //  Commenting policy