[ISN] Internet Security Not Pressing to All

From: InfoSec News (isnat_private)
Date: Sun Sep 08 2002 - 23:17:14 PDT

  • Next message: InfoSec News: "[ISN] Corporate America now on front lines of war on terror"

    Forwarded from: William Knowles <wkat_private>
    By Nicholas Johnston
    Washington Post Staff Writer
    Monday, September 9, 2002; Page E05 
    Companies increasingly identify computer security as one of their top
    priorities, but a significant minority admit that they are
    inadequately protected, according to a survey to be released today.
    "The positive news is that industry is talking the talk of the need
    for improved information security," said David McCurdy, executive
    director of the Internet Security Alliance. "The negative news is that
    very few are walking the walk."
    Nearly 90 percent of 227 companies that responded to a survey said
    information security was essential to the survival of their business.  
    However, 30 percent said their plans for dealing with technology
    threats were inadequate.
    The reason is that the threat of cyber attack remains relatively new
    for many businesses, said Doug Goodall, chief executive of the
    computer security firm RedSiren Technologies of Pittsburgh. And it
    will take some time for companies to adjust to those new threats and
    make appropriate responses.
    "The challenge for fully a third of organizations interviewed is that
    they still have a long way to go from awareness to proactive
    management of the risks," Goodall said.
    The Internet Security Alliance, the National Association of
    Manufacturers and RedSiren conducted the survey last month, receiving
    responses from information security specialists at 227 companies
    worldwide. Although the survey is not statistically valid, Goodall
    called the responses a fair representation of the experience of most
    About half of the respondents reported that the Sept. 11 attacks made
    them "more concerned" about cyber-terrorism, but almost as many
    respondents reported no change in their attitude.
    And the economic fallout from the terrorist attacks could also be why
    companies are slow to adopt more rigorous security procedures. "A lot
    of companies right now are trying to survive," McCurdy said. "This has
    been a cost item."
    According to those who conducted the survey, many companies might
    still believe that the potential losses from a cyber attack are not
    yet great enough to warrant increased spending on security.
    "A sizable portion [of companies surveyed] believes this is manageable
    risk or an acceptable risk," McCurdy said. "That's a mistake."
    What might be necessary to change those perceptions is a computer
    security event the magnitude of last year's terrorist attacks to focus
    attention on the problem, just as those attacks changed security
    procedures at airports, for instance.
    "They [corporate executives] have not in most cases had a debilitating
    attack on their business," said Tom Orlowski, vice president for
    information systems at the National Association of Manufacturers.  
    "It's kind of like, 'Overall the U.S. has a huge risk, but me and my
    company? I don't have much of a risk.' "
    Almost a third of companies said they were unprepared for possible
    cyber attacks, but 33 percent also said company executives have not
    taken enough interest in the issue.
    "It's just not high enough on their priority list," Orlowski said.
    "Communications without intelligence is noise;  Intelligence
    without communications is irrelevant." Gen Alfred. M. Gray, USMC
    C4I.org - Computer Security, & Intelligence - http://www.c4i.org
    ISN is currently hosted by Attrition.org
    To unsubscribe email majordomoat_private with 'unsubscribe isn'
    in the BODY of the mail.

    This archive was generated by hypermail 2b30 : Mon Sep 09 2002 - 01:39:01 PDT