Forwarded From: Simon Taplin <sticker@icon.co.za>
In a recent survey, most companies interviewed showed little grasp of the
importance of Internet security, writes Greg Gordon
A survey conducted among South Africa's top 200 companies by Arthur
Anderson shows that 75% of local companies ignore internet security.
The company's computer risk management department released the results of
the second annual Internet security survey this week, describing the findings as
astounding.
The survy indicates that 73% of respondant companies do not have a
comprehensive Internet security policy, and 61% do not have a security
awareness programme for end users.
Mark O'Flaherty, who heads up the computer risk management department,
says South African companies don't devot enough resources to keeping
confidential information safe on-line.
"Insufficient time and effort spent identifying and removing internet risks could
endanger sensitive information," he says. "Respondants are generally aware of
the threats hackers pose to computer systems but they ignore them. They
know the risks are there, but they are reluctant to do anything about it."
It is difficult to gauge the number of hacker hits on South African companies
because those that have been infiltrated are reluctant to admit it.
Says O'Flaherty: "Most companies are not keen to disclose the security
breaches because it labels them as vunrable. Those that have spoken to us
about hacking incidents say most have been harmless."
But complaceny is no solution. In many cases, hackers have been able to
enter corperate networks and steal sensative information. Malicious hacker can
sell information to competing companies or they can postit on public websites,
which can prove embarrassing.
Local security expert Ian Melamed says computer security shoudl not be taken
lightly. "Although the recorded incidences of on-line securrity breaches are low,
its it not to say that they dopn't happen, they do.
Most hackers do it for kicks. They enjoy the challenge of breaking into a
computer network and leaving a harmless message behind to show that they
were there.
"The real problem with hackers is that, if they don't want you to know they have
been there, they can remain invisible. They can steal data without you knowing
about it," says Melamed.
Unlike any physical object that is stolen, data is merely copies. The original is
right where you stores it - the hacker ha simply made and removed a copy.
Says: Melamed: "Its not use burying you head in the sand. Security is a
serious issie at all levels. Many companies employ security guards or
companies to guard their premises, so they should look after their data just as
well, particularly that which is crucial to the company's operations."
Take from the Sunday Times Business Times
Simon
-o-
Subscribe: mail majordomo@sekurity.org with "subscribe isn".
Today's ISN Sponsor: Repent Security Incorporated [www.repsec.com]
Received on Mon Jul 6 08:10:21 1998