RELIANCE ON TECHNOLOGY MAKES FIRMS VULNERABLE TO SECURITY BREACHES

Computing

The reliance that technology, media and telecommunications companies have on digital information and technology has made them vulnerable to attack, with half suffering a security breach in the past 12 months.

A third of the breaches caused significant financial losses, according to recent research by the business advisory firm Deloitte.

The players are particularly exposed to attacks because practically their entire business revolves around digital information. Everything from voice telephony to prime-time television is created and transmitted as a series of zeros and ones -- making it vulnerable to infection, attack and theft, said Kris Budnik, director of Deloitte's security services group.

Digital television, online music sales, web advertising and internet-based telephony systems can be completely shut down by security attacks, translating into loss of customers and revenue. Media companies are having their content stolen by illegal downloads or by counterfeited discs, and telecoms operators represent a gateway to accessing information from their corporate customers.

Deloitte's survey of security practices at hi-tech and media organisations around the world confirmed previous findings that many companies underestimate the need for security.

Most are not investing enough time, money and resources to protect themselves adequately.

While the potential for financial losses is acknowledged, intangible factors such as brand damage, customer dissatisfaction, market erosion and lost productivity are often overlooked.

"The companies must recognise that they represent an increasingly attractive target," Budnik said.

External security threats such as viruses and worms get the lion's share of resources for digital security. Yet the risks from internal threats such as fraud, employee misconduct and human error are just as great. Among those companies whose security had been breached in the past 12 months, half were attacked from within.

Most security activities were limited to basic firewalls, anti-virus and antispam software and virtual private networks, said Budnik. More advanced threats were not adequately addressed, such as phishing, where identity details were stolen by creating a website that mimicked a legitimate company.

Phishing was a major threat to technology and media companies, yet only 18% used anti-phishing technologies. "Carefully structured security may not be a substantial source of competitive advantage, but it is a critical part of any mature and well-managed business," said Budnik.

It was a concern that just 4% believed they were doing enough to address security, with 54% citing budget constraints and lack of management support as the challenges, he said.

Business Day