Holiday Period Poses Major Security Risk
Holiday Period Poses Major Security Risk For
gen-i identifies Top 10 Security Risks for NZ SME’s
AUCKLAND, Thursday, December 20, 2001 – Many small-to-medium sized businesses (SME’s) in New Zealand do not believe that the risk of hacking or cyber-attacks will ever hit their company, or alternatively believe their current security policy is adequate for today’s business environment.
However according to David Spratt, gen-i’s Technology Strategy Manager - Australasia, this is an attitude which could see a number of firms come unstuck.
“We have observed over recent times that many New Zealand businesses view security as important and implementation as necessary, but view the specific threat to them as relatively low and the overall perception is that no-one will attack their organisation.
This is a risk seeking approach, especially as the holiday break for most organisations’ is about to commence.”
As a result of this, gen-i, a leader in the security services industry, has recently developed a list of the top security risks that NZ organisations’ face. These include -
1. Flawed risk
assessment - i.e., 'who would want to attack us? - Not only
are large multinationals targets, but SME’s are also
attractive targets for hackers.
2. Assumption that virus protection is adequate security - Virus protection is seen today as an essential security measure for SME’s in New Zealand. Unfortunately for most of these businesses this is their ONLY security measure.
3. No method of detecting a security breach or compromise - While there may be a prevention security system measure in place, more often than not there is NO detection measure. This is the equivalent of a bank locking its doors but having no alarm system installed.
4. Lack of independent verification of system integrity - Outsourcing to an independent security specialist can provide vital checks of the system (i.e., gen-i security audit).
5. Invalid belief that information security is a firewall - Setting security policies in a company does not provide the same protection as a company firewall. If applicable, these should both be implemented as part of an overall security system.
6. No procedures for handling security incidents - When a security incident occurs there should be a set procedure outlining all possible actions, responsibilities and alternatives for the company.
7. Placing more importance on ease of use or cost, rather than security - Many New Zealand businesses underrate the importance of security measures and settle for ‘user friendliness’.
8. Trusting insecure messages, i.e. email or phone calls - Phone calls or emails can easily be tapped or hacked into, e.g. the ‘love bug’ virus was a good example of a virus using people’s email address books to send the virus on.
9. Implicit encouragement of staff bypassing security measures - Strict procedures required which must be adhered to at all times.
10. Having reactive rather than proactive security processes - Businesses should not wait for any of their own organisation processes to be breached – security plans should already be in place to prevent the occurance, e.g. companies should have a disaster recovery plan in place in case of a fire.
gen-i is a wholly-owned subsidiary of Cullen Investments Limited. gen-i's blue chip clients include Air New Zealand, Carter Holt Harvey, Department of Corrections, Department of Internal Affairs, Fencepost, Fonterra, Milburn Cement Limited, Ministry of Agriculture and Forestry, New Zealand Milk Products, Ravensdown, Simpson Grierson Law, The Warehouse, TranzRail and WestpacTrust.
gen-i limited is the first and largest New Zealand-based Australasian Internet integrator, focused on designing, building, implementing and supporting e-business solutions and systems for large corporate customers. With over 500 people, gen-i extends customer support worldwide – both online and through a network of service partners.
For more information please visit www.gen-i.co.nz