Organisations may rely too much on IT security controls, the CBI suggests.
Organisations may be relying too much on IT security controls, the CBI Cybercrime Survey 2001 suggests. The report warns: "The deployment of technologies such as firewalls may provide false levels of comfort unless organisations have performed a formal risk analysis and configured firewalls and other security mechanisms to reflect their overall risk strategy. Similarly, it is important that firewalls and other devices are regularly monitored and updated." CBI member respondents rated lack of expertise, and the fact that computer criminals are ahead of law enforcers and law-makers, as their largest current cybercrime problems. More than one in three, 34 per cent, admitted that they do not know what fraction of their cybercrime losses they discover. The report suggests that hackers using the internet as the way into a corporate computer network are the greatest threat, rather than employee-insiders, regardless of whether a company has a heavy or small involvement in e-business. The authors argue that technological crimes (hacking and viruses) are dominating, as opposed to more conventional crimes such as credit card fraud whereby the internet is the new medium.
Of those respondents that gave details of the most serious cybercrime they had suffered in the previous year, the most common event was a virus attack (43 per cent) followed by hacking (16 per cent) and adverse comments on the internet (10 per cent). The potentially very costly infringement of intellectual property (eight per cent) and illegal access to databases (seven per cent) were less frequent, or admitted.
Bad publicity feared
Respondents ranked adverse publicity as the main consequence of cybercrime, followed by disruption of business. Just under two-thirds, or 63 per cent of respondents, said that a company director took responsibility for managing cybercrime risks. The report suggests a "Superhighway Code" and calls for more cybercrime awareness, and a review at board level of internet strategy and the related risk management, "ensuring an adequate response to any Turnbull assessment and to the need for compliance with statutory requirements (in relation to data protection and money laundering regulations) and appoint a director to oversee the area where the business strategy warrants it". All respondents used the internet for e-mail, and almost all had a website; they had more confidence in business-to-business e-security than business-to-customer. Behind the survey besides the CBI were The Fraud Advisory Panel, risk management firm ArmorGroup, PricewaterhouseCoopers and the International Fraud Prevention Research Centre, headed by Professor Paul Barnes at Nottingham Trent University.
– The survey, subtitled Making the information superhighway safe for business, costs £75 for CBI members, £100 for non-members. ISBN 0 85201 553 7. For copies, ring 020 7395 8071 or e-mail email@example.com.