Security pros: Our defences need work
Published: 10 Sep 2002 08:16 BST
Though most corporate security professionals see network protection as critical, they have only made modest gains in securing their companies, according to a report published on Monday.
The Internet Security Alliance's survey of 227 information security professionals worldwide found that nearly 88 percent of participants believed that protecting their business information was essential to their company's survival. But only 56 percent are prepared for cyberterrorism and information threats, up 20 percent since the 11 September attacks.
"There is a perception that we are dealing with hackers out there who need an intellectual challenge, but there are now organised threats," warned David McCrudy, a former seven-term Oklahoma congressman who is now executive director of the ISAlliance. "Senior management has said that this is an important topic, but there hasn't been follow-up."
With this report, the industry organisation echoes the findings of the Business Software Alliance (BSA), which previously cited warnings about the dangers of corporate cyberattacks in a survey of information technology professionals.
More than 93 percent of security professionals said their company planned to increase the resources allocated to safeguarding their information in the current year. However, on average only about a third said they had improved their security since the 11 September attacks.
At least one security professional questioned the findings of the survey: specifically, that 70 percent of participants thought that their company had adequately protected itself against hacking threats.
"I look at that number and I am dumbfounded," said Peter Lindstrom, director of security strategies for the Hurwitz Group, an analyst firm. "I'm thinking to myself, at least 30 percent were honest. The other 70 percent were either lying to the survey, lying to themselves or completely disingenuous."
Lindstrom said that the complexity of completely securing a network makes even attaining "adequate" security difficult.
"It's hard to believe anyone would step up and say that, given the history of security," he said.
Have your say instantly, and see what others have said. Go to the Security forum.
Let the editors know what you think in the Mailroom.
Did you find this article useful?
33 out of 94 people found this useful
- Share this article:
