Survey: Security concerns over IP convergence
- 09 November, 2005 10:23
As viruses and malicious software bloom, senior executives across a range of industries see security as their top concern in implementing converged Internet Protocol) (IP) networks, according to a joint study released by the Economist Intelligence Unit (EIU) and AT&T.
It's the second year in a row that the survey, which polled 236 executives in 50 countries, put security ahead of cost, their second greatest concern, director of global technology research for the EIU, Denis McCauley, said.
Security was ranked first at 26 per cent, followed by implementation costs at 23 per cent and the cost of new equipment at 19 per cent, the study said. Nonetheless, 62 per cent of the respondents expect to implement IP networks in the next three years, although 63 per cent felt that processing consumer data online put them at risk of security breaches.
McCauley said the study's results were not surprising so much as noteworthy in the respect that the greatest advantages of converged IP networks - openness across the enterprise to customer and company data - are also its greatest vulnerability.
Companies were also using more mobile devices, creating more possible entry points into networks, he said.
Executives, however, claim the biggest threat comes from people. The study showed that executives think most attacks come from inside their company as part of internal sabotage, spying by employees or simply unintentional mistakes.
Other threats such as phishing attacks - which mimic familiar commerce sites through emails to gain user names and passwords - are expected to increasingly target commercial organizations, the study said. In "spear" phishing, employees are sent an e-mail by someone masquerading as a higher-level executive asking for personal information.
It's likely the subordinates would respond quickly, the study said.
"The threats are evolving," McCauley said.
Increasingly sophisticated denial of service (DOS) attacks were also being directed against financial institutions, global offering manager for AT&T, Kees Vos, said.
The attacks were not by average kids but by professionals trying to make money, he said.
AT&T, which handled between 18 per cent to 20 per cent of all Internet traffic, collected data in an effort to try to predict emerging security threats, Vos said.