Global Execs Doubt Their Network Security

When it comes to network security, multinational corporations have plenty of room for improvement. Of the 500 executives interviewed for a KPMG report, 41% believe their companies are susceptible to a serious IT security breach.

The interviews, conducted with U.S. and European executives in August, suggest that some business decision-makers lack a big-picture perspective on security. About 40% viewed information security as "a strategic business issue that requires an integrated organizational solution"--while a significantly larger group (about 60%) said it's "a technology problem that can be handled by a technology solution." Meanwhile, 90% of respondents indicated that their companies had ongoing employee programs for security education, but the report didn't provide information on the extent of those training programs.

Peter Tippett, chief technical officer and founder of security-anagement company TruSecure Corp., says some forms of employee education are highly overrated--an opinion he says amounts to blasphemy in many security circles. Companies sometimes spend a great deal of time and money encouraging employees to change their passwords and make them more complex than, say, an anniversary date. But Tippett says compliance with such policies still falls far below the levels needed to make a difference. "If you have 500 people who aren't complying and can bring it down to three people, then that's good," he says. "But if you only take it down to 200 non-compliant people, then that still leaves 200 ways someone can attack you."

Sean Magee, VP of IS for document-management company Lanier Worldwide Inc., says his group focuses its educations efforts on compliance with the corporate E-mail policy, which he considers an important security measure. Says Magee: "Whenever there's media coverage about Nimda or the latest virus, we send out a communication telling employees we've updated our virus scanners, but also reminding them that if they receive an E-mail and don't know who it's from, it's best to throw it away."