[ISN] Computer security incidents cost NZ businesses millions

From: InfoSec News (isn@private)
Date: Tue Dec 06 2005 - 02:33:11 PST


December 5, 2005

Internet security breaches are costing New Zealand businesses between
$140 million and $240 million a year, a new study shows.

According to an Internet Security Survey conducted by the Employers
and Manufacturers Association Northern in November, the range was
"conservatively estimated" from the lowest to the median costs of the
disruptions reported by 356 businesses, extrapolated across the
country's 123,000 businesses employing more than one person.

About half the sample's respondents said the cost in the last 12
months was between $500 to $10,000, including rework, lost work,
repairs and lost business.

Despite the cost of vulnerability, many businesses are failing to
protect themselves in even the most rudimentary of ways, the study

"For instance, 91 per cent of companies employing 20 people or less
have antivirus software installed compared to 84 per cent of companies
employing more than 20 people. 55 per cent of smaller companies have
deployed anti-spyware compared to 49 per cent of larger firms," said
EMA communications manager Gilbert Peterson.

Investment in IT remained static from 2004 to 2005, the survey said,
with 51.2 per cent of respondents spending less than $19,000 this
year, compared to 51.8 per cent in the last survey in March 2004.

Of that relatively modest investment, 55.8 per cent invested five per
cent or less on security in 2005 -- level pegging with the 55.7 per
cent that spent five per cent or less in 2004.

Nor are businesses taking advantage of the automatic security upgrades
that are widely seen as essential to combatting fast-evolving internet

"It's disturbing that the number automatically updating their internet
security systems has dropped," Mr Peterson said, down from 90.3 per
cent in 2004 down to 75.2 per cent in 2005.

"If these systems products are not regularly updated there is little
point in having them.

"Though more businesses are allowing staff access to the internet at
work - now up to 65 per cent - staff internet policies have not kept
pace, while training on safe internet practices has dropped from 67.2
per cent in 2004 to 55.9 per cent in 2005.

"Nonetheless the survey shows the great majority of businesses are
using security software at some level. Overall 88 per cent of
respondents have installed antivirus software; 77 per cent have in
place firewall software or appliance; and overall 63 per cent have
spam filtering. However, only 26 per cent use intrusion prevention
software and 24 per cent URL blocking," he said.

"This year's survey attracted a far higher response rate than last
time, over double with 530 respondents in all compared to 230
previously keeping pace with the growth of internet threats.

"The range of internet security breaches has become broader and more
complex. Twenty one months ago, the top security concerns were limited
to viruses, hackers and spam. Now the list includes Trojans, worms,
spyware and email scams such as phishing, and others," said Mr

Fifty-one per cent of total respondents have been the target of a
phishing expedition, the study showed and businesses are receiving an
average of 98 spam emails per day.

That's down from 21 months ago, the survey said, as spam filtering
appears to be working.

This year, five per cent of the survey sample report getting 51-100
spam emails a day compared with 12 per cent reporting the same volume
in the last survey.

Only 9.1 per cent of businesses are still on a dial up internet with
34 per cent on high speed broadband connections though many are
dissatisfied with its reliability, speed and cost.

Nearly 11 per cent of respondents cited broadband reliability, speed
and cost as one of their top two IT issues.

Handheld devices are now a pervasive part of the mix, the study

In 2004 just 12 per cent had a hand held device in their business, now
49 per cent have them with 51.8 per cent using one or more converged

Earn your Master's degree in Information Security ONLINE
Study IA management practices and the latest infosec issues.
Norwich University is an NSA Center of Excellence.

This archive was generated by hypermail 2.1.3 : Tue Dec 06 2005 - 02:49:08 PST