Top Irish companies unaware of security vulnerabilities

22 Jul 2004

Many leading finance and Government organisations in Ireland have no central function for managing the effectiveness of their security technology, meaning they lack the ability to tell whether their systems are open to attack.

The findings come from a new survey of chief information officers in Ireland’s top 50 companies in the financial and government sectors. The management software provider Computer Associates, which carried out the research, found that many of these organisations have invested in ‘point solutions’ – technology designed to address one particular security requirement. However, 70pc of respondents said they did not have a central management or reporting system, so they have no way of knowing how these diverse tools work together.

As a result, most businesses are unable to report on security loopholes that may exist. Equally, it is difficult for them to identify if any assets are exposed to a security breach, or to tell whether allowing workers to access the network remotely represents a risk to the company.

However, the CA survey discovered a trend towards the centralisation of IT in central and local government to resolve the problem. According to CA, the frequent occurrence of virus attacks, malware, internal security breaches, vulnerabilities and hacking threats are causing the management and ownership of IT to become a central rather than departmental function.

Matt Brennan, Ireland country manager of Computer Associates, commented: “No one is denying that security is at the top of the agenda for an overwhelming proportion of businesses. However, the amount of information being produced by firewalls, VPNs, antivirus and other security devices means that the vital security ‘signal’ is often lost in a sea of security noise. This makes it very difficult for a CIO to gain a view of how security is working across the organisation and be sure all bases are covered.”

Brennan suggested that organisations need a way of pooling all of this security data and making sense of it. “Implementing a security management strategy means being able to automate the collection of data from all devices, ensure it’s accurate so people only react to real threats and standardise information so that everyone from the helpdesk to board level can access it. Subsequently, the chances of avoiding or minimising the impact of a security breach are that much higher,” he added.

According to Alan Lawson, a research analyst with the Butler Group, management capability is becoming the most important element to any genuinely holistic security policy. “This is where the pure-play security companies begin to struggle – they are, after all, competitors, and their ability to integrate can be hindered by this.”

By Gordon Smith