09 September 2002 Survey Shows Progress in Upgrading Information System Security (Thirty percent of organizations may be unprepared to withstand cyberattack) (730)
Increasing numbers of corporations are improving their security measures to withstand a terrorist attack on their information technology (IT) systems, according to a survey released September 9. Nevertheless, though the awareness of the potential for such attacks is high, 30 percent of the IT specialists responding said their firms are not properly prepared for cyberspace sabotage. The survey was conducted jointly by the Internet Security Alliance, the National Association of Manufacturers and RedSiren Technologies, a private information security company. The Internet Security Alliance is a coalition of government, academic and private specialists concerned with protection of the nation’s IT infrastructure. The survey of more than 225 information security specialists found that almost half their companies have increased spending to guard against an attack while 60 percent have adopted new or improved guidelines on how to respond to an attack. The survey is available in full at http://www.redsiren.com/survey.html Further information about IT security efforts is available at http://www.isalliance.org/ The Internet Security Alliance publishes a guide on security strategies that may be requested at http://www.isalliance.org/news/requestform.phtml Following is the text of the news release. (begin text) Internet Security Alliance National Association of Manufacturers RedSiren GLOBAL COMPUTER SECURITY SURVEY FINDS ONE-THIRD OF COMPANIES MAY NOT BE ABLE TO FEND OFF CYBERATTACKS WASHINGTON, Sept. 9, 2002 - A new survey of information security specialists at organizations around the world finds that - despite a high level of awareness of the risk of computer attacks even before the events of last September 11th - almost one-third of the companies surveyed say they may still not be adequately equipped to deal with an attack on their computer networks by cyberterrorists. Conducted jointly by the Internet Security Alliance (ISAlliance), the National Association of Manufacturers (NAM) and RedSiren Technologies Inc., the survey asked respondents to compare their companies' attitudes regarding information security issues, both today and prior to last year's terrorist attacks on the World Trade Center and the Pentagon. The survey found that: --30 percent of respondents said their firms do not have adequate plans for dealing with information security and cyberterrorism issues, down from 39 percent last year; --33 percent said information security is not a visible priority at the executive or board level of their organizations; --39 percent said information security plans are not regularly communicated to or reviewed by top corporate executives; yet --88 percent said their companies now recognize information security as an issue essential to the survivability of their business, up from 82 percent prior to the attacks. The survey was conducted from Aug. 12-23, targeting corporate information security specialists around the world. More than 225 responses were recorded from throughout North America, Europe, the Middle East and Pacific Rim regions. "Based on these results, our challenge is to educate companies about the need for taking added preventative steps now, as well as the hard-nosed reality that this situation will not change. Enterprises of all sizes have to remain active and vigilant on an ongoing basis if they are going to protect against cyberattacks on their systems," said Doug Goodall, RedSiren's president and chief executive officer. "Information security needs to be a top priority for any successful business, from the executive level to the IT manager," said Dave McCurdy, ISAlliance's executive director. "Businesses rely more on the Internet and e-commerce than ever before and confronting new and emerging cyber-threats without sound IT security practices is not sound corporate management." The ISAlliance is the publisher of "Common Sense Guide for Senior Managers: Top Ten Recommended Information Security Practices." Forty-eight percent of respondents said that the September 2001 attacks had made them "more concerned" about cyberterrorism and its impact on their organizations; 49 percent reported no change in attitude at all. "This seems to indicate a bit of a disconnect between the perception of the general threat of cyberterrorism and specific concern about one's own organization," said Tom Orlowski, vice president, Information Systems, at NAM. "It may reflect a mentality that 'it'll never happen to me.' In today's world, that may be a dangerous complacency." Almost half of the respondents (47 percent) said their companies have increased spending on information security since last year, and 38 percent said that trend would continue in 2003. New or improved information security measures implemented in the past year ranged from cyber insurance policies (31 percent report obtaining them for the first time), to incident response plans (60 percent implemented new or upgraded strategies). A copy of the full survey results is available at www.redsiren.com/survey.html. (end text) (Distributed by the Office of International Information Programs, U.S. Department of State. Web site: http://usinfo.state.gov) IWS INFOCON Mailing List @ IWS - The Information Warfare Site http://www.iwar.org.uk
