By Will Sturgeon
Tuesday, February 21 2006 11:33 AM
URL: http://www.zdnetasia.com/news/security/0,39044215,39311395,00.htm
Conflicting reports out Monday on the subject of IT security agree on at least
one fact--that companies are failing to get a handle on the issue.
Figures from Computer Economics suggest some of the world's largest companies
are among the worst offenders, while a report from MessageLabs offers some
consolation in suggesting the companies with the most to lose are at least doing
better than others in securing their data.
The past week or so has seen a number of stories about companies failing to address
security issues--for example, training staff in basic best practice and understanding
the threats of emerging technologies such as wi-fi and removable storage units such as iPods.
The Computer Economics report suggests 65 percent of companies do not
provide even basic periodic security training for staff while 67 percent of
companies fail to carry out regular software audits of desktops to ascertain
whether unauthorized programs--such as peer-to-peer software--are being used within the enterprise.
The Computer Economics report also suggested larger companies are actually
lagging behind their smaller counterparts in terms of security-specific spending and staffing.
Despite this, Mark McManus, vice president of research at Computer Economics,
expressed concern at an apparent spending freeze on IT security.
McManus said: "The budget squeeze is most evident among small firms and large
firms, where roughly half of the respondents said their security budgets are not
adequate to provide the level of IT security needed."
However, critics of such an approach would suggest throwing
money at the problem is far from the right approach.
Frank Scavo, president of Computer Economics, added that large companies have
also been very slow to adopt new technologies.
"Our study found that medium firms are ahead of large firms by a significant
margin in adoption of intrusion alerts, intrusion prevention, encryption, PKI,
password management systems, and password tokens," Scavo told silicon.com. "In
fact, there is not a single security technology where large firms have a greater
level of adoption than medium firms. We speculate that this has more to do with
organizational inertia than anything else."
Meanwhile a report from MessageLabs suggests size isn't everything as it
judges the performance of companies by vertical and finds those in financial
services, for example, have clearly done more to protect themselves from spam and viruses.
Other companies where data and security are of paramount importance show
similar signs of having mitigated the impact of such threats. While 45.8 percent of e-mail to public sector and government bodies is spam, a staggering 74.4 percent of e-mail to companies in recreation industries is junk e-mail.
Likewise other verticals--including accommodation, catering, non-profit,
retail and perhaps more worryingly education--where budgets, or the necessity
and inclination, may not be up to combating such problems, are also seeing far
greater instances of spam and viruses.
Technical and scientific areas such as chemical and pharmaceutical,
healthcare, IT services and telecoms also show more significant signs of being on top of the problem.
Will Sturgeon of Silicon.com reported from London.