[ISN] Survey Finds Net Security Full of Holes

From: mea culpa (jerichoat_private)
Date: Tue Nov 24 1998 - 23:31:24 PST

  • Next message: mea culpa: "[ISN] The Government spys on us?"

    Forwarded From: Nicholas Charles Brawn <ncb05at_private>
    By Emma Connors.
    A major survey of Australian organisations has revealed an information
    security hole large enough to accommodate several truckloads full of
    "Australian companies are increasing their exposure to security risks for
    which they are not prepared," warned Ernst & Young's national director of
    information systems assurance and advisory services, Mr Garry Dinnie. 
    Only 25 per cent of organisations surveyed have implemented data
    encryption, a measure which the Ernst & Young Global Information Security
    Survey refers to as a "fundamental level of protection ... no business
    should be conducting e-commerce without employing at least a basic level
    of encryption". 
    Earlier this year Ernst & Young surveyed 114 companies and discovered most
    are pushing ahead with e-commerce plans, despite serious misgivings about
    the risks. 
    Ninety per cent of organisations surveyed which have a connection to the
    internet rated their security as poor, but most are still planning to
    increase their online activities. The 13 per cent now using e-commerce is
    expected to increase to 80 per cent within two years. 
    Australian businesses are not unaware of the dangers they face. Ernst &
    Young found local companies generally expressed more fears about
    e-commerce than their international counterparts. Some 38 per cent of
    Australian companies surveyed cited security as a major barrier to
    e-commerce.  But while 75 per cent of senior managers rate information
    security as "important" or extremely important, 45 per cent don't allocate
    any budget funds to the activity. 
    Mr Dinnie said that often much attention is paid to external threats,
    while many companies overlook the fact that the greatest danger often lies
    "A lot of people involved in security are concerned about the evil hacker,
    but those organisations that have actually suffered a loss report the
    source is usually internal. 
    "The more a network is opened up, the greater the possibility that
    employees can plot with third parties. Accidental loss should also not be
    ignored. Sometimes money is lost because employees simply make a mistake," 
    Mr Dinnie said. 
    Ernst & Young found that 16 per cent of those surveyed have suffered, or
    believe they have suffered, at least one break-in via the internet. But if
    precedent is any guide, very few will be talking publicly about their
    One of the best known security breaches occured four years ago, when
    Citibank was targeted by a Russian hacker.  The scam was identified, a
    trap laid, and US$11.6 million ($18 million) in stolen funds was recovered
    but Citibank, which went public with the breach, promptly lost one-fifth
    of its top clients, according to US specialist Secure Computing. 
    * A survey of Australian organisations has revealed huge information
      security gaps. 
    * Only 25pc of businessses Ernst & Young surveyed used data encryption in
    * 90pc of the 114 companies rated their security poor but planned more
      online activities. 
    Subscribe: mail majordomoat_private with "subscribe isn".
    Today's ISN Sponsor: Repent Security Incorporated [www.repsec.com]

    This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 13:12:17 PDT