[ISN] Interpol warns firms over security 'vacuum'

From: InfoSec News (isnat_private)
Date: Tue Apr 23 2002 - 22:51:25 PDT

  • Next message: InfoSec News: "[ISN] AOL's AIM Puts Browser Security in Danger"

    By Rachel Fielding [22-04-2002]
    Security still not core business issue
    The chairman of Interpol's European Working Party on IT Crime has
    warned that a "vacuum of knowledge" surrounding IT security means
    companies are exposing themselves to unnecessary risk.
    Bob Jones, who also works as a computer security consultant at Queen
    Mary's college at the University of London, said too many companies
    took on IT security staff blindly believing that they would be able to
    'pick up' the necessary knowledge as they went along.
    "As more and more machines are interconnected, the problem is much
    more complex. These individuals need indepth training of technical
    security aspects but they also need management training - and
    knowledge about how to manage security issues," Jones said.
    Companies across both the private and public sectors still did not
    view IT security as a core business issue, he warned.
    His claims are mirrored in the latest Information Security Breaches
    survey conducted by PricewaterhouseCoopers on behalf of the Department
    of Trade and Industry, which found that lack of investment in security
    systems is allowing companies in the UK to fall victim to increasing
    security breaches.
    The number of UK businesses that have suffered a malicious security
    incident since 2000 has almost doubled. Half of companies and four out
    of five large businesses fell victim over the past year to viruses,
    hacking attacks, fraud, and other information security breaches,
    compared with less than one in five in 1998.
    The average cost of each serious breach is 30,000, and several
    companies reported incidents costing them more than 500,000, the
    report said.
    But while three-quarters of UK businesses believe they hold sensitive
    or critical information, only one in four have a security policy in
    place to protect it.
    "A lot of people just ignore the problem because they view it as a
    technical issue. Companies have to make IT security part of company
    policy. And it's easy to produce a paper document, but for it to work
    it has to be part of the company culture," Jones said.
    "Unless you have full board level support for running secure systems,
    companies won't get the training and resources to support security
    experts," Jones added.
    The European Working Party on Information Technology Crime consists of
    members of national computer crime units from Austria, Belgium,
    Denmark, Finland, France, Germany, Italy, the Netherlands, Norway,
    Portugal, Spain, Sweden, Switzerland and the United Kingdom.
    Interpol is the second-largest international organisation after the
    United Nations, with 179 member countries spread over five continents.
    ISN is currently hosted by Attrition.org
    To unsubscribe email majordomoat_private with 'unsubscribe isn'
    in the BODY of the mail.

    This archive was generated by hypermail 2b30 : Wed Apr 24 2002 - 01:43:19 PDT