E-CommerceALERT.com is part of the Bennett Gold LLP web site network.

Research and retrieval of news articles by Bennett Gold LLP, Chartered Accountants

Effective December 31, 2012, articles are no longer being updated on this web site.
The site is now maintained as an historical archive, covering articles from the period 1999 to 2012.


Source: ITbusiness.ca

Posted on November 28, 2007

      More than 55 per cent of small and midsized businesses (SMBs) and large enterprises report the volume of spyware they are battling has increased over the past 12 months, according to a recent survey by the Computing Technology Industry Association (CompTIA).

      About 54 per cent of the 1,070 respondents cited "lack of user awareness" as a major security challenge, said the Chicago-based worldwide group of IT professionals and companies.

      One Canadian security specialist said SMBs and individual users are low-hanging fruit for attackers.

      "SMBs are very appealing targets for attackers, and users are typically the most accessible entry point," said Marc Fossi, manager of the Canadian security response team at Symantec Corp.

      There is a widespread need for periodically refreshed employee education, he said. "Users need to be educated on new threats and trends as they crop up. You can't just give one class and say that's it."

      Organizations are expending as much as 20 per cent of their IT budgets on security software and hardware products, but are concentrating training on the wrong people, said Steven Ostrowski, director of corporate communication for CompTIA.

      "They're certainly investing on protection, but most of the education is going to the IT staff. Only 35 per cent of the companies we polled are providing security training to regular staff."

      Ostrowski said this raises a major concern because when a large number of untrained employees have access to an organization's network they become a huge potential risk.

      CompTIA recently commissioned TNS PLC, a London-based global marketing insight company, to survey companies on their security concerns and practices.

      The pollsters interviewed IT managers and security administrators of organizations in industries such as retail, marketing, technology, education, finance, healthcare and government.

      About 95 per cent of the respondents were based in Canada and the U.S.

      Apart from low security awareness among employees, other challenges reported included viruses and worms (49 per cent), authorized user abuse (44.2 per cent) and browser-based attacks (41.5 per cent).

      CompTIA noted that incidents attributed to browser-based, virus and worm attacks were down from last year's numbers.

      Protecting networks accessed by mobile or telecommuting workers also figured among the top security challenges that companies expect to face in the next three years.

      "Spyware was rarely mentioned as a concern a few years ago. It seems to have made a comeback," said John Venator, president and CEO of CompTIA.

      Spyware might be an annoyance for users, but its consequences for IT administrators may be more severe - tying their hands as they attempt to deal with multiple attacks.

      "Even in a mere 10-person shop, clearing individual PCs of spyware results in serious downtime," said Ostrowski.

      Much of this could be easily alleviated, he said, by regularly providing line workers with basic security training.

      "Simple things such as not opening an unknown attachment or keeping a password secret could be discussed in small, inexpensive training modules."

      New workers, for instance, can be given basic security training along with the employee orientation they receive from the human resources department.

      "Explanation and rules about IT security will carry more weight coming from the top than from an IT personnel," Ostrowski said.

      And Symantec's Fossi suggests that, rather than just sending a broadcast e-mail to employees about a new virus, companies should hold information sessions about the threat.

      Trainers must focus on teaching users how to identify and respond to security threats, said Robert Beggs, CEO of DigitalDefense Inc., a Toronto-based security firm.

      "A lot of the time, users cannot identify a security threat and do not know what to do or who to call when confronted with one," Beggs said.


E-Commerce Alerts are issued by Bennett Gold LLP, Chartered Accountants as situations develop. Bookmark this site and check back often. Our e-mail address is: info@BennettGold.ca

In accordance with United States Code, Title 17, Section 107 and Article 10 of The Berne Convention on Literary and Artistic Works, the news clippings on this web site are made available without profit for research and educational purposes.
