11 September attacks key driver for IT security investment, survey finds

The 11 September terrorist attacks have done more than government regulation, computer hacking and virus attacks to persuade...

The 11 September terrorist attacks have done more than government regulation, computer hacking and virus attacks to persuade businesses to improve their IT security, a survey of 250 chief security officers in multinational companies has revealed.

Over the past six months companies have hardened their systems against attacks from internal and external hackers, improved access control and reviewed the security policies of their suppliers, according to the survey by RSA and CSO.

Fewer organisations are relying on passwords alone to protect their systems, with two-thirds of the chief security officers reporting that their companies had installed more advanced forms of authentication.

Twenty per cent said they made significant use of authentication tokens, 12% made significant use of smart cards, and a third were significant users of encryption. Some 9% said their companies were moderate users of biometric technology.

Nearly half the security managers said they had reviewed the security policies of their suppliers over the past six months, and 80% said they had changed the way they storied sensitive customer and employee information over the past 18 months.

The security officers questioned said they were most concerned about the impact of denial-of-service attacks on their businesses, reflecting fears that a truly massive attack could bring down the whole internet, with enormous consequences for the global economy.

Computer hacking and the theft of sensitive corporate information were also high on the list of the chief security officers' worries, followed by the potential impact of future terrorists attacks on their businesses.

Many chief security officers admitted that they were more wary of giving their personal details when buying online following publicity over hacking attacks and data theft.

Over 40% said they had changed their behaviour when entering personal data into the web: 28% suggested they were more careful when using a credit card online, while 24% said they had reduced the frequency of their online purchases.

Only 22% described passwords as a highly effective security method, compared with nearly half who described token-based authentication and encryption as highly effective.

Read more on IT risk management