A new survey of information security specialists at organizations around the world has found that despite a high le...
September 10, 2002
A new survey of information security specialists at organizations around the world has found that despite a high level of awareness of the risk of computer attacks even before the events of Sept. 11, almost one-third of the companies surveyed say they may still not be adequately equipped to deal with an attack on their computer networks by cyberterrorists.
Conducted jointly by the Internet Security Alliance (ISAlliance), the National Association of Manufacturers (NAM) and RedSiren Technologies Inc., the survey asked respondents to compare their companies’ attitudes regarding information security issues, both today and prior to last year’s terrorist attacks on the World Trade Center and the Pentagon.
The survey found that 30 per cent of respondents said their firms do not have adequate plans for dealing with information security and cyberterrorism issues, down from 39 percent last year. In addition, 39 per cent said information security is not a visible priority at the executive or board level of their organizations.
The survey, which was conducted from Aug. 12-23, targeted corporate information security specialists around the world. More than 225 responses were recorded from throughout North America, Europe, the Middle East and Pacific Rim regions.
"Based on these results, our challenge is to educate companies about the need for taking added preventative steps now, as well as the hard-nosed reality that this situation will not change," said Doug Goodall, RedSiren’s president and chief executive officer. " Enterprises of all sizes have to remain active and vigilant on an ongoing basis if they are going to protect against cyberattacks on their systems.
"Information security needs to be a top priority for any successful business, from the executive level to the IT manager,” said Dave McCurdy, ISAlliance’s executive director. “Businesses rely more on the Internet and e-commerce than ever before and confronting new and emerging cyber-threats without sound IT security practices is not sound corporate management.” The ISAlliance is the publisher of Common Sense Guide for Senior Managers: Top Ten Recommended Information Security Practices.
Forty-eight per cent of respondents said that the September 2001 attacks had made them "more concerned" about cyberterrorism and its impact on their organizations; 49 per cent reported no change in attitude at all. "This seems to indicate a bit of a disconnect between the perception of the general threat of cyberterrorism and specific concern about one’s own organization," said Tom Orlowski, vice president of information systems, at NAM. "It may reflect a mentality that ‘it’ll never happen to me.’ In today’s world, that may be a dangerous complacency."
Almost half of the respondents (47 per cent) said their companies have increased spending on information security since last year, and 38 per cent said that trend would continue in 2003. New or improved information security measures implemented in the past year ranged from cyber insurance policies (31 per cent report obtaining them for the first time), to incident response plans (60 percent implemented new or upgraded strategies).
A copy of survey results is available at www.redsiren.com/survey.html.