http://www.nbr.co.nz/home/column_article.asp?id=13723 December 5, 2005 Internet security breaches are costing New Zealand businesses between $140 million and $240 million a year, a new study shows. According to an Internet Security Survey conducted by the Employers and Manufacturers Association Northern in November, the range was "conservatively estimated" from the lowest to the median costs of the disruptions reported by 356 businesses, extrapolated across the country's 123,000 businesses employing more than one person. About half the sample's respondents said the cost in the last 12 months was between $500 to $10,000, including rework, lost work, repairs and lost business. Despite the cost of vulnerability, many businesses are failing to protect themselves in even the most rudimentary of ways, the study shows. "For instance, 91 per cent of companies employing 20 people or less have antivirus software installed compared to 84 per cent of companies employing more than 20 people. 55 per cent of smaller companies have deployed anti-spyware compared to 49 per cent of larger firms," said EMA communications manager Gilbert Peterson. Investment in IT remained static from 2004 to 2005, the survey said, with 51.2 per cent of respondents spending less than $19,000 this year, compared to 51.8 per cent in the last survey in March 2004. Of that relatively modest investment, 55.8 per cent invested five per cent or less on security in 2005 -- level pegging with the 55.7 per cent that spent five per cent or less in 2004. Nor are businesses taking advantage of the automatic security upgrades that are widely seen as essential to combatting fast-evolving internet threats. "It's disturbing that the number automatically updating their internet security systems has dropped," Mr Peterson said, down from 90.3 per cent in 2004 down to 75.2 per cent in 2005. "If these systems products are not regularly updated there is little point in having them. "Though more businesses are allowing staff access to the internet at work - now up to 65 per cent - staff internet policies have not kept pace, while training on safe internet practices has dropped from 67.2 per cent in 2004 to 55.9 per cent in 2005. "Nonetheless the survey shows the great majority of businesses are using security software at some level. Overall 88 per cent of respondents have installed antivirus software; 77 per cent have in place firewall software or appliance; and overall 63 per cent have spam filtering. However, only 26 per cent use intrusion prevention software and 24 per cent URL blocking," he said. "This year's survey attracted a far higher response rate than last time, over double with 530 respondents in all compared to 230 previously keeping pace with the growth of internet threats. "The range of internet security breaches has become broader and more complex. Twenty one months ago, the top security concerns were limited to viruses, hackers and spam. Now the list includes Trojans, worms, spyware and email scams such as phishing, and others," said Mr Peterson. Fifty-one per cent of total respondents have been the target of a phishing expedition, the study showed and businesses are receiving an average of 98 spam emails per day. That's down from 21 months ago, the survey said, as spam filtering appears to be working. This year, five per cent of the survey sample report getting 51-100 spam emails a day compared with 12 per cent reporting the same volume in the last survey. Only 9.1 per cent of businesses are still on a dial up internet with 34 per cent on high speed broadband connections though many are dissatisfied with its reliability, speed and cost. Nearly 11 per cent of respondents cited broadband reliability, speed and cost as one of their top two IT issues. Handheld devices are now a pervasive part of the mix, the study showed. In 2004 just 12 per cent had a hand held device in their business, now 49 per cent have them with 51.8 per cent using one or more converged devices. _________________________________________ Earn your Master's degree in Information Security ONLINE www.msia.norwich.edu/csi Study IA management practices and the latest infosec issues. Norwich University is an NSA Center of Excellence.
This archive was generated by hypermail 2.1.3 : Tue Dec 06 2005 - 02:49:08 PST