Survey Find Businesses Need On-Line Security Focus
New Zealand businesses need a stronger focus on Internet security according to the esolutions Internet Security Survey released today, and esolutions says standard security tools are readily available.
The survey, also sponsored by Telecom New Zealand Ltd and XTRA Ltd, is the first published independent research into Internet security among New Zealand businesses. The businesses surveyed are representative of businesses employing between 5 and 100 people - these businesses employ over three quarters (76%) of all New Zealanders.
86% of Internet-connected businesses in New Zealand hold what they would consider to be sensitive and confidential information, with 62% transmitting confidential information across the Internet.
Over half the respondents surveyed (57%) said they were attacked by viruses this year. Further, 10% of the businesses surveyed were subjected to intentional security threats, breaches or attacks over the past nine months.
Despite this awareness of the need for security and the threat to business information:
- 57% of New Zealand businesses computer systems do not use firewalls that prevent these breaches or attacks
- 82% of New Zealand businesses do not use intrusion detection tools to monitor intrusion events and misuse
- 79% of New Zealand businesses do not encrypt files.
esolutions General Manager Designate, Sue McCarty says that the virus attacks and other breaches could have been avoided. She says that businesses of any size can confidently communicate and transact securely over the Internet.
Ms McCarty says that it doesn’t have to be complicated or expensive to protect business systems and information from intruders.
“Often, a small investment in security can end up saving a lot further down the track - especially when you consider the cost of losing important or confidential information.”
“Larger businesses can look at outsourcing just their online security, selected applications, or their entire infrastructure to a specialist infrastructure provider who is an expert in making systems secure. This allows companies to concentrate on running their business, safe in the knowledge that their online operations are secure.
“For smaller organisations, hosting options should be considered. This could mean having their web presence, some office applications or all of the company data hosted by experts. It is a very good option as it fixes the costs, ensures their information is secure and takes away all the risk.”
esolutions provides outsourced security packages to small and large New Zealand businesses including Blue Star Group, Tourism Holdings Ltd and DFS.
The esolutions Internet Security Survey was based on 400 telephone interviews with decision-makers in Internet-connected businesses with 5-100 employees throughout New Zealand. The survey was conducted between 20th June and 3rd July.
An alliance of Telecom New Zealand Ltd, EDS (New Zealand Ltd) and Microsoft New Zealand Ltd, esolutions develops a full range of building blocks that provide the infrastructure, trading and management tools to create ecommerce solutions. The building-block approach, on top of a robust infrastructure, takes the risk out of developing ecommerce solutions.
esolutions' applications allow online trading, document exchange; online product catalogues, fax integration, encryption, e-procurement and hosted software. These applications can be stand-alone or include other vendors' and custom-developed applications. esolutions provides the tools and their network of systems integrators combine these packages to make a complete solution.
The esolutions website (www.esolutions.co.nz) details the complete range of e-commerce solutions and puts potential customers in touch with a reseller. esolutions can help businesses of all sizes and complexities to fully participate in the online world ¡X from large online marketplaces to companies wanting their first web presence.
KPMG Commentary on eSolutions Security Survey
By Graeme Sinclair, KPMG Partner Information Risk Management.
NZ businesses are seriously risking their reputation and, maybe even their livelihood, due to the poor level of system security revealed in the results of the esolutions Internet Security Survey sponsored by esolutions, Telecom and Xtra.
The survey results indicate that small- to medium-size businesses in New Zealand are struggling to come to grips with the security requirements needed to secure their computer systems.
The most telling result in the survey is that New Zealand businesses may not even know whether their computer systems have been penetrated as 82% of New Zealand businesses do not have intrusion detection tools in place. This could be the reason known intrusions are recorded at a mere 8%.
The other result that raises a high degree of concern is that 58% of the businesses surveyed considered the information held on their computer systems was extremely or very sensitive and confidential.
One can only imagine the severe adverse impact on a business that either did not protect confidential customer information, commercially sensitive competitive information, or had their computer operations disrupted for a significant period of time. Such outcomes are entirely possible without adequate computer security in place.
Hackers when penetrating a target computer system, depending on their objectives, can choose any of the following options. They can:
- Obtain a copy of sensitive/confidential information without detection
- Disrupt/destroy the target systems
- Cause data loss
- Deface the business’ web site
- Capture the business’ systems and operate them remotely for their own purposes
The key issue for New Zealand businesses is to obtain an effective and cost- efficient solution. They do not need to understand the technical issues. They need a business solution that balances the cost of protection against the risk and value of loss. The cost of security relates directly to the criticality of the information requiring protection. A key difference with the loss of information versus a physical loss is that once information has been lost it can never be recovered.
Effective computer security cannot be provided by a single solution or action. It requires a combination of tools and behaviours to stay ahead of the would-be hacker. One of the key actions is to continually update the firewall software. Another requirement is for businesses to have a security health check conducted at regular intervals using a service like Internet Security Assess provided by KPMG.
The need for improved computer security will drive businesses to out-source their computing requirements including computer security to computer facilities management providers. The centralised facilities management model allows small business to obtain up-to-the-minute computer security and monitoring meeting recognised standards at a small business price.