UK security 'most shameful in Europe'

[InfoSec News <isn () c4i org>]

http://www.silicon.com/software/security/0,39024655,39116690,00.htm

by Will Sturgeon 
October 30 2003 

Findings reveal British business is open to viruses, spam and pretty 
much anything else... 
 
Despite the proliferation of high-profile attacks and a spate of 
recent worm and virus outbreaks European businesses are still not 
heeding the warning to properly protect themselves. 

And the UK is up there among the worst offenders - with British 
businesses being put to shame by the near-watertight security in place 
within companies in Sweden and Germany. 

The findings are the result of a Europe-wide survey conducted by 
security vendor MacAfee. 

Across Europe, 28 per cent of companies surveyed have no measures in 
place to protect them against the new breed of 'blended threat' - such 
as Sobig and Blaster. 

But that average, when broken down, reveals a great disparity in the 
preparedness of UK firms. While 12 per cent of German firms admit to 
being open to attack by such viruses, the figure in the UK is a 
staggering 43 per cent, according to MacAfee. 

The UK's blushes are spared only slightly by the Dutch who manage a 
shocking 43 per cent. 

The level of preparedness varies greatly by country, with 12 per cent 
of German firms saying they remain undefended from such attacks while 
42 per cent of British firms and 43 per cent of Dutch firms are 
unprotected. 

However, Jay Heiser, principal analyst as TruSecure, believes the 
difference between the UK and Germany is due in a large part to 
different cultures with the server room - typified by a UK tendency to 
adopt a 'we know best' attitude. 

"The differences owe a lot to different philosophies regarding 
configuration control. In the UK there is a greater tendency to go 
with bespoke solutions and there is less appetite for configuration 
management, whereas German businesses will generally favour conformity 
in their configuration, and that is far easier to manage more 
effectively." 

However, Heiser warned against UK companies panic-buying security 
products to make up their shortcomings. 

"I've never seen that approach work," he said. 

Heiser believes many companies have probably already made all the 
investment they need and now just need to work out how to use what 
they already have. 

"Education is the most important thing. Companies would be far better 
off working out what they can get out of their existing security 
products and learning which are the vulnerabilities they most need to 
patch." 

With a keen sense of how to kick a nation while it's down, MacAfee 
also revealed that UK companies have the worst defences in place to 
protect their employees from spam. 

According to the survey, 40 per cent of UK companies have no spam 
filtering in place, while 28 per cent of UK firms said they have no 
plan to install such measures in the next 12 months. 

These last statistics are perhaps unsurprising given the problems UK 
businesses are clearly having getting up to date with email-borne 
malware such as worms and viruses. At this rate it is likely to be 
years yet before the UK starts to take control of the relatively new 
spam issue. 



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn'
in the BODY of the mail.