[ISN] UK security 'most shameful in Europe'

From: InfoSec News (isn@private)
Date: Fri Oct 31 2003 - 01:08:38 PST

    http://www.silicon.com/software/security/0,39024655,39116690,00.htm
    
    by Will Sturgeon 
    October 30 2003 
    
    Findings reveal British business is open to viruses, spam and pretty 
    much anything else... 
     
    Despite the proliferation of high-profile attacks and a spate of 
    recent worm and virus outbreaks, European businesses are still not 
    heeding the warning to properly protect themselves. 
    
    And the UK is up there among the worst offenders - with British 
    businesses being put to shame by the near-watertight security in place 
    within companies in Sweden and Germany. 
    
    The findings are the result of a Europe-wide survey conducted by 
    security vendor McAfee. 
    
    Across Europe, 28 per cent of companies surveyed have no measures in 
    place to protect them against the new breed of 'blended threat' - such 
    as Sobig and Blaster. 
    
    But that average, when broken down, reveals a great disparity in the 
    preparedness of UK firms. While 12 per cent of German firms admit to 
    being open to attack by such viruses, the figure in the UK is a 
    staggering 43 per cent, according to McAfee. 
    
    The UK's blushes are spared only slightly by the Dutch who manage a 
    shocking 43 per cent. 
    
    The level of preparedness varies greatly by country, with 12 per cent 
    of German firms saying they remain undefended from such attacks while 
    42 per cent of British firms and 43 per cent of Dutch firms are 
    unprotected. 
    
    However, Jay Heiser, principal analyst at TruSecure, believes the 
    difference between the UK and Germany is due in large part to 
    different cultures within the server room - typified by a UK tendency to 
    adopt a 'we know best' attitude. 
    
    "The differences owe a lot to different philosophies regarding 
    configuration control. In the UK there is a greater tendency to go 
    with bespoke solutions and there is less appetite for configuration 
    management, whereas German businesses will generally favour conformity 
    in their configuration, and that is far easier to manage more 
    effectively." 
    
    However, Heiser warned against UK companies panic-buying security 
    products to make up their shortcomings. 
    
    "I've never seen that approach work," he said. 
    
    Heiser believes many companies have probably already made all the 
    investment they need and now just need to work out how to use what 
    they already have. 
    
    "Education is the most important thing. Companies would be far better 
    off working out what they can get out of their existing security 
    products and learning which are the vulnerabilities they most need to 
    patch." 
    
    With a keen sense of how to kick a nation while it's down, McAfee 
    also revealed that UK companies have the worst defences in place to 
    protect their employees from spam. 
    
    According to the survey, 40 per cent of UK companies have no spam 
    filtering in place, while 28 per cent of UK firms said they have no 
    plan to install such measures in the next 12 months. 
    
    These last statistics are perhaps unsurprising given the problems UK 
    businesses are clearly having getting up to date with email-borne 
    malware such as worms and viruses. At this rate it is likely to be 
    years yet before the UK starts to take control of the relatively new 
    spam issue. 
    
    
    