Businesses ignore security risk posed by own staff

Virus-obsessed company chiefs are all too aware of the threats posed by insider attack but are failing to safeguard their assets against their own employees, according to a report by The Register.

The results of Ernst & Young's 2004 Information Security Survey warn that matters of information security will get increasingly difficult as the trend for outsourcing and external partnerships continues.

Edwin Bennett, global director of Ernst & Young's technology and security risk services, said: "Companies can outsource their work, but they can't outsource responsibility for its security."

"Fewer than one-third of those companies conduct a regular assessment of their IT providers to monitor compliance with information security policies - they are simply relying on trust. Organisations have to demand higher levels of security from their business partners."

The Ernst & Young survey found that organisations moving towards an increasingly decentralised business model may remain focused on external threats such as viruses but internal threats are consistently under-emphasised.

Companies readily fork out for expensive software such as firewalls and virus protection, but are strangely slow to take similar precautions to safeguard their human resources.

More than 70 per cent of the 1,233 organizations questioned by Ernst & Young failed to list training and raising employee awareness of information security issues as a top initiative.

The result: increasing levels of "damage from insiders' misconduct, omissions, oversights, or an organizational culture that violates existing standards".

"More could and should be done to transform the skills and awareness of their people, who often present the greatest opportunity for vulnerabilities - and convert them into its strongest layer of defence," Ernst & Young's Bennett concludes.

Sources: The Register
