[ISN] Report: Business fails on global security

From: InfoSec News (isnat_private)
Date: Wed Nov 14 2001 - 23:19:18 PST

    http://www.zdnet.com/zdnn/stories/news/0,4586,5099609,00.html?chkpt=zdhpnews01
    
    By Robert Lemos
    Special to ZDNet News 
    November 14, 2001 8:20 AM PT
     
    Multinational corporations are still far off from securing their
    networks and seem to be focusing on the wrong threats, according to a
    report expected from Big Five accounting firm KPMG this week.
    
    For the risk assessment report, KPMG interviewed 500 executives in
    August and discovered that although 85 percent felt they gave enough
    attention to protecting their information, nearly four out of 10
    thought their company could suffer a serious breach of security.
    
    The majority believes that the fix is to buy the right technology, but
    that's plain wrong, Stuart Campbell, partner for KPMG's Risk and
    Advisory Services practice, said in a statement.
    
    "Until more executives regard information security as a strategic
    business issue, organizations will remain vulnerable," he said. "This
    issue doesn't begin and end with technology solutions and technology
    departments."
    
    Rather than buy new software and systems, companies should be looking
    toward education, training and policy initiatives. Almost 90 percent
    of the executives said they had an ongoing program of such training,
    but only 11 percent said that nonmanagement employees were informed
    about security policy.
    
    "Companies need to move aggressively in educating and informing
    employees," said Campbell. "A security environment aimed primarily at
    preventing outside intrusions is destined for failure."
    
    Making the problem worse, companies seem to be focusing on the wrong
    risks. The report found that a third of executives considered hackers
    attacking from the Internet to be the greatest threat, but the
    reality, it said, is that almost 80 percent of attacks originate from
    inside a company's network.
    
    Another study may complicate that finding, however.
    
    Last March, the 2001 Computer Crime and Security Survey found that
    although attacks by online vandals didn't account for major dollar
    losses, the Internet has become a major source of attacks for most
    organizations. Companies that found themselves the victim of attacks
    via the Internet increased to 70 percent in 2001, but the number of
    companies experiencing insider attacks fell to 31 percent.
    
    Still, some results of the KPMG study indicated that companies were
    improving information security.
    
    Nearly eight out of 10 multinational corporations had developed a
    catastrophic response plan, and almost six out of 10 had hired
    full-time security specialists.
    
     
    
    -
    ISN is currently hosted by Attrition.org
    
    


