Computer Press!

Abingdon, UK, 8 September 2011 – More than two-thirds (70 per cent) of companies feel unequipped to effectively prevent and combat IT security threats, according to a survey carried out by Kaspersky Lab[1]. The majority of companies believe they have insufficient personnel, budget and knowledge, or that their systems are not adequately equipped.

When comparing the results throughout Europe, the numbers varied significantly: 82 per cent of French companies felt ill-equipped for IT risk; however the number reduced to 65 per cent for UK companies. Least concerned by a lack of network security resources was Germany, where only 52 per cent admitted concern.

“Despite comprehensive information campaigns by public bodies, as well as by software and hardware manufacturers, many companies still attach too little importance to IT security,” said David Emm, senior security researcher, Kaspersky Lab. “Studies show that 30 per cent of companies have still not installed adequate virus protection – even though the major data protection scandals of recent years, and the spectacular hacker attacks of the past few weeks, have demonstrated that insufficiently protecting corporate computer systems can cause considerable damage.”

Emm continued: “At the same time, state-of-the-art IT security software, with its centralized management and installation, simple update processes and large scope of functions, is making it easier than ever before for today’s companies to protect themselves.”

Please see below for further advice from David Emm, senior security researcher at Kaspersky Lab, around how businesses can implement an effective security policy:

Security tools are, of course, important. However, budgets can only stretch so far – particularly during an economic downturn. This makes it more important than ever for businesses to carefully marshal the resources they have available for optimal effect. In practice, this means having an effective security policy. One that is tailored for the needs of your business – not a one-size-fits-all template that [hopefully] incorporates industry ‘best practice’. For example, it’s essential to start by assessing the real risks to your business – rather than some speculative figure about the possible costs to the average organization.

It is also important to be able to measure security across the company – after all, you cannot manage what you can’t measure. To start with, this is the only way to provide a compelling case for IT security spending within your business. In addition though, it will enable you over time to see any gaps within the company’s defenses.

Here are the key building blocks of a security policy:

• Assess the risks
• Establish policies & procedures
• Create an outbreak response plan
• Deploy appropriate security solutions
• Define an update & patch strategy
• Document the policy
• Develop a staff awareness strategy

But remember that security is not unlike housework – it is only meaningful if you repeat the process at regular intervals.

Cross Post: Gem UK