Directors blind to security weaknesses

Financial and managing directors are dangerously unaware of the risks surrounding digital business, according to a recent Mori poll.

The survey, commissioned by digital risk insurance specialist Safeonline, showed that only 24 per cent of directors at small to medium sized enterprises could identify a security risk without being prompted.

Mori found that damage caused by staff, whether by negligence or genuine error, is the most feared risk. When prompted by pollsters, 47 per cent of respondents said that innocent mistakes were the most likely cause of damage.

Most worryingly, when surveyors first asked the question and did not suggest answers, a mere six per cent thought that hackers were a threat. Only two per cent identified the risks posed by staff before the answer was suggested to them.

One third said that malicious action by disgruntled employees was a significant risk, while only 26 per cent thought that hackers could wreak havoc on their networks. This is despite recent high-profile attacks on sites owned by Compaq, and widely publicised viruses such as Kournikova and the Love Bug.

Nicky Perrott, head of e-Mori, said that network managers should be proactive and make directors face the risks.

"The gap between the spontaneous and prompted mentioning of exposures indicates that organisations believe that they're not at risk. It's not until they are encouraged to actively think about where their exposures lie that they realise this," he explained.

Roy Hills, technical director at security specialist NTA Monitor, believes it is up to network managers to make directors understand the risk and invest in security measures.

"It's like insurance, and there's no gain in that as far as directors see. But security threats can bring a business to its knees," he said.

Hills added that network managers should get on their board's back. "I don't think network managers see it as gaining kudos. It's a question of diligence," he said.

Also published in Network News