Despite widespread concern that cyberterrorism is a legitimate threat to worldwide computer infrastructure, only 42 percent of Canadian CEOs felt it was a moderate priority to protect their companies from attacks, and another 19 percent said it was not a priority at all.
With 45 percent of the surveyed CEOs indicating that their company has been inflicted by a computer virus in the past year, 22 percent reporting that they have had computers stolen in the past year, and 20 percent saying they’ve been hit by outside hacker attacks, computer security is a serious threat, yet only 30 percent of respondents feel their security measures are very effective.
The research comes from an Ipsos-Reid survey, conducted on behalf of IBM Canada, among 250 CEOs of mid-sized (between 100 and 500 employees) Canadian companies in the summer of 2002, and the findings were somewhat contradictory.
The majority of CEOs didn’t express strong concern over attacks, yet 75 percent agreed that their IT systems and the information they contain is a major IT protection priority, and 66 percent indicated that ensuring the continuity of operations in case of a security breach is deemed a major IT priority.
The research indicates that almost all of the CEOs have security measures in place to help maintain the integrity of the IT structure, and keep the organization operational. Ninety-eight percent report having anti-virus software in place; 85 percent have firewalls; 68 percent use centralized single sign-on and access control software; 60 percent have intrusion detection systems; and 22 percent report using authentication devices.
More than half (51 percent) of the surveyed CEOs report that they are using outside independent consultants for IT security assessments, and 64 percent of that group report that they personally review the IT security assessments. This high level of CEO involvement is in line with findings from a poll initiated by the Information Technology Association of America (ITAA) and the META Group indicating that 93 percent of respondents feel that information security should be a matter of corporate board-level due diligence.
The survey of 138 U.S. IT managers, drawn largely from Fortune 500 firms, was conducted online in September 2002, and the results reveal an interpretation of security strengths and weaknesses.
On the positive side, 93 percent of respondents said at least one industry or government sector has embraced sound information security practices. Leading industries were banking and finance (22 percent), aerospace (18 percent), information technology (13 percent) and federal government (11 percent).
Leading the list of weaknesses were employee training (27 percent), information security processes and methods (18 percent), and background checks (11 percent). Technology worries included Web site security (11 percent), anti-virus software (11 percent), and firewalls (nine percent).
Seventy-seven percent of respondents felt the private sector was more advanced in hardening information systems than the public sector. The same percent termed the vulnerability of the public sector to cyberattack either high or extremely high; 65 percent said attack vulnerability within the private sector is high or extremely high.
Meanwhile, a September 2002 survey from computer security firm Central Command, Inc. found that average Internet users were also concerned about attack susceptibility, with almost three-quarters (74 percent) of the 66,296 respondents indicating that some form of cyberwarfare is likely to occur in the near future.
Among the respondents, most were from North America (42 percent), followed by Europe (27 percent), Australia (14 percent), South America (10 percent), Asia (5 percent), and Africa (2 percent), and 67 percent strongly feel that their respective country is not yet prepared to combat against such a major threat.
The results displayed a significant increase in virus awareness – a marked improvement from responses a year prior. When asked about the handling of email attachments from an unknown source, the results showed that 58 percent of the respondents would delete the attachment immediately and 41 percent expressed they practiced extreme caution when viewing any attachment regardless of the sender. However, 61 percent claimed to have been infected with a virus at one time or another, and 53 percent were victims of an intrusion attack
The majority (71 percent) of respondents state that they have antivirus software installed, with 36 percent updating it weekly, and 21 percent have a personal firewall installed.