RSA
Security Inc. has released survey findings that identified denial-of-service
(DoS) attacks and computer hacking for the purpose of information
theft as the top two security concerns for US CSOs. However, the
survey indicated that only limited security measures are being taken
against these threats by most companies.
The survey also uncovered that, while viewed
by CSOs as the least effective security technology, passwords were
overwhelmingly used by those surveyed.
The study, which surveyed
more than 250 senior information security professionals throughout
the US, uncovered a range of opinions and trends on various security
threats, global security events, information value and emerging
security technologies. A full copy of the study can be accessed
at: www.rsasecurity.com/solutions/topics/whitepapers/CSOP_WP_1003.pdf
"This survey shows that US businesses rank high on awareness,
but low on action," said Art Coviello, president and CEO at
RSA Security. "While it's apparent that many businesses have
taken steps to stem security threats, there's still a long way to
go in terms of adopting the newest, most effective security technology."
When asked which security
breaches would have the most effect on their organisations, respondents
cited DoS (25 percent) and information theft (24 percent). Also
cited were terrorist attacks (18 percent), computer viruses (12
percent) and identity theft/fraud (11 percent). Given the same list
and asked which of these breaches would be most likely to occur
against their company, more than 50 percent cited computer viruses,
followed by DoS attacks (18 percent). Computer hacks, terrorist
attacks, identity theft/fraud and others all received less than
10 percent each.
In response to these threats:
* 80 percent of respondents have altered the method of storage and
access to customer and employee information, with more than 47 percent
altering corporate travel policies and guidelines.
* 25 percent of security professionals surveyed
have also become more cautious about conducting business online.
* 84 percent have installed or upgraded anti-virus
software, 71 percent have installed and/or upgraded physical security,
59 percent have implemented more advanced forms of identity and
access management, 53 percent have added an anti-spam e-mail filter
and 48 percent have reviewed the security policies of suppliers.
"Anti-virus and physical security upgrades
are important, but they represent the bare minimum in terms of security
protection," Coviello said. "Organisations need to implement
more advanced forms of identity and access management, or they'll
continue to put their customers, their partners, and their employees
at risk."
The information security professionals surveyed
were asked their opinions on the prevalence of a wide range of security
technologies and techniques, including passwords, encryption, token-based
two-factor authentication, biometrics, smart cards and web access
management. Password protection, not surprisingly, was deemed most
prevalent, with 92 percent citing significant to universal use.
Distant seconds were web access management (54 percent) and encryption
(40 percent). Token-based two-factor authentication (27 percent),
smart cards (16 percent) and biometrics (4 percent) made up the
remainder.
However, when asked about the effectiveness
of these technologies, respondents most often rated encryption
(89 percent) and token-based two-factor authentication (85 percent)
as fairly to highly effective. Smart cards (75 percent), biometrics
(74 percent) and password protection (62 percent) were also rated by
respondents as fairly to highly effective.
"Let's face it - password protection is
an oxymoron. It's like having the same key for your car, your house
and your safety deposit box," Coviello said. "Companies
need to recognise that to truly protect themselves, they need to
implement stronger authentication - at minimum two factors and in
some cases three."
Opinions vary on which technologies will have
the most impact on the future of information security. 75 percent
cited identity management systems as having significant to high
impact. Close behind were digital certificates (70 percent), biometrics
(67 percent), smart cards (64 percent) and web services (64 percent).

• Date: 28th October 2003 • Region: N.America • Type: Article • Topic: ISM