Internet Security Concerns
Neither government nor industry has the means to protect the nation against computer attacks that could shut down communications and power grids, the chairman of a presidential commission studying the problem said in October.
"While a catastrophic cyber attack has not occurred, we have enough isolated incidents to know that the potential for disaster is real and the time to act is now," said Bert T. Marsh, chairman of the Commission on Critical Infrastructure Protection. In a speech to the National Information Systems, Security Conference, Marsh said that several government and academic sites that pride themselves on tight security were targets of a recent e-mail attack.
"A flood of e-mail messages originating in Australia and Estonia and routed through the White House computer system virtually shut down Langley Airbase's e-mail for hours," he said.
Back in issue 97:06:03 ("The State of Web Commerce") we alerted you to the fact that the web is not a safe place and that 99.5% of web sites are not secure. The results of a new study indicate that may be because information services executives have a false sense of security and don't seem to be motivated to prevent security breaches.
The Ernst & Young/Information Week Information Security Survey queried 4,226 information services executives from 24 countries. The survey showed that 84% believe security is important and are investing in this area. But, despite the investment, 45% still have had or may have had breaches in security and only 57% monitor for network intrusion regularly.
Seventy-eight percent of U.S. executives said they have hired full-time information security personnel, and 16% have hired part time staff. But, as the companies are hiring more people, they do not seem to be creating security policies. Of those who have had a breach, almost half didn't have a firewall and 64% don't have a plan to implement when an intruder is detected.
Stephen M. Paroby, national director, Information Systems Assurance and Advisory Services at Ernst & Young said, "Clearly many companies have a false sense of security and think that, because they've beefed-up staffs and resources and installed a firewall, they don't need to worry about breaches."
When asked what was preventing them from successfully improving security, U.S. executives cited lack of budget, while global executives cited a variety of causes, including lack of employee and management awareness, tools, and budget.
For a copy of The Information Security Survey report call Ernst & Young at (216)737-1545.
