Businesses Disregard Penetration Tests, Risk Attack
Along with the The Confederation of British Industry, the CBI, Compliance and Privacy has found that its own survey on business vulnerability shows great apathy. We learnt today [2 February 2006] that the CBI is urging medium-sized firms to have robust security systems to prevent online attacks
According to a recent CBI survey, 60% of medium-sized firms engage with their suppliers, partners or clients online. But 52% of these firms plan for no security measures whatsoever.
John Cridland, CBI deputy director-general, said: "The internet is a business opportunity that many firms are seizing with both hands. So, it is a serious concern that so many medium-sized firms are leaving themselves and others open to online attack and abuse. These firms account for over half of UK company turnover and are large enough to win contracts with big business."
Alun Michael, DTI Minister for Industry and the Regions said:“Small and medium-sized firms are engaging ever more closely with each other and with their customers online. In the future we will probably need to start thinking of the supply chain as being something more like a business ‘eco-system', where it is all the more vital for companies to protect their information assets.
Our own simple survey into Penetration testing shows the same cavalier disregard for even the most basic security measures. The results are astounding, worse than the CBI's figures:
The 44% who answered that they had no idea what it is had full access to this white paper prior to making their answer, but their ignorance is excusable if they voted prior to downloading. The poll mechanism prevents tampering. If we remove them from the equation then the figures come more into line with the CBI. It depends whether one takes the view that the 20% of the remainder who "Plan to do it" will actually do something, or whether this is "false comfort" planning. If we include them then 59% of business are aware enough to be protecting themselves and checking it. If we omit them then only 39% are. Or 61% are not!
What really worries us, and should, worry the CBI, are the people whose policy is not to test for security vulnerabilities. With attacks on networks rising this is surely an attitude that cannot persist?
Download your Free White Paper on Network Vulnerability Testing
Discuss This Article