On Wednesday, CLUSIF, the Club for the Security of Information in France, presented its study "Policies of Computer Security & Losses in 2005". The study concludes that French companies are increasingly setting up policies and procedures to protect their information systems; however, they fall short on approving the budgets necessary to support them.

In a 58-page document (in French), the association synthesizes the testimonies of representatives of 400 companies with more than 200 employees from all business sectors. The results show that in 2005, 56% of French companies have a defined policy for information system security, compared with only 41% two years ago, when the previous study was conducted.

CLUSIF notes that only 38% of the companies envisage increasing the budgetary resources devoted to information system security, 46% announce that they will keep them constant, 4% will reduce them and 12% have not made a decision. The study notes that upper management seems difficult to convince. Managers are not yet completely reassured that the budgets they have already accepted and approved for their company's security are being used correctly.

In addition, the study demonstrates a "strong will of control" on the part of the people in charge of information system security (RSSI). Most prefer to block the use of new technologies rather than to seek a solution for their secure deployment. Thus 76% of them prohibit webmail access, 73% refuse VoIP use, 56% prohibit Wi-Fi and 43% prohibit PDAs and smartphones.

Regarding recorded losses, only 36% spoke about viruses and 2% about intrusions on the system. The largest share, 56%, comes from design errors or software deployment; 47% are losses of essential services like electricity and telecommunications, and 46% are errors of use.

Losses due to fortuitous causes remain the most numerous. However, malevolence and negligence are also present. At first, they appear numerically weak, but when we look at them cumulatively and then extrapolate to French companies as a whole, the number of announced incidents seems significant:

  • Design errors in software deployment: 58%
  • Loss of essential services: 47%
  • Errors of use: 46%
  • Theft: 44%
  • Internal breakdowns: 37%
  • Virus infections: 36%
  • Natural disasters: 8%
  • Physical accident: 6%
  • Data disclosure: 4%
  • Targeted attacks: 4%
  • Malicious acts: 3%
  • Sabotage: 3%
  • Intrusion: 2%
  • Fraud: 2%