UK-companies schatten virusrisico en -oplossing onjuist in.

  • Bron (c) 2002, VirusAlert / McAfee

Recent onderzoek in het Verenigd Koninkrijk heeft aangetoond dat ondanks veelvuldige virusuitbraken, veel bedrijven nog steeds denken voldoende beschermd te zijn. Uit het onderzoek, dat in opdracht van McAfee ASaP is uitgevoerd door onderzoeksbureau Vanson Bourne, blijkt onder andere dat 92% van alle onderzochte bedrijven vind dat ze voldoende doen aan de bescherming van hun netwerk, terwijl 82% van de bedrijven aangeeft in het afgelopen jaar toch slachtoffer te zijn geweest van een virusaanval.

Verder blijkt uit het onderzoek dat veel IT managers hun antivirussoftware niet op tijd updaten, en dat virusuitbraken vaak worden afgeschoven op de eindgebruikers binnen de organisatie in plaats van op gebrekkige beveiliging.

Het onderzoek is uitgevoerd in opdracht van McAfee ASaP, de managed services divisie van McAfee Security, en toont aan dat er nog de nodige verwarring bestaat over de voordelen en de kosten die verbonden zijn aan het uitbesteden van virusbescherming. 30% van de respondenten noemde de kosten als de voornaamste reden om de virusbescherming zelf te blijven doen, terwijl 27% van de respondenten de kostenbesparingen juist noemden als het belangrijkste voordeel van uitbesteding.

Meer informatie over de resultaten van het Vanson Bourne onderzoek en over de managed services van McAfee ASaP treft u aan in het onderstaande persbericht.

McAfee Research Identifies Complacency Amongst IT Managers as Biggest Security Risk to Corporate Networks

research issued today by McAfee Security, a division of Network Associates (NYSE: NET) has revealed that, despite the continued prevalence of virus attacks, UK business is still walking a tightrope with its anti-virus management and policies. The research, conducted by Vanson Bourne, revealed that the recent drop in serious virus outbreaks has caused the security issue to drop off the IT managers ‘to do’ list as businesses become complacent that the security measures they have in place are sufficient to secure their networks. The results also point to an inadequate level of protection amongst business networks that pose serious worries about the damage that may be incurred the next time a serious virus hits.

The research went on to reveal some alarming statistics about the state of security within UK businesses including:

Resource issues overlooked. 82% of respondents have suffered a virus attack in the last 12 months and 34% had experienced virus-induced downtime, yet 92% of IT managers still believe they have sufficient resources to manage security
Irresponsibility causes attack. 40% of respondents blame end user irresponsibility for virus attacks while 28% put it down to not updating anti-virus software Too slow to update. Only 15% of companies update their anti-virus software hourly while a huge 40% update weekly or monthly
Cost confusion. The largest group of respondents (30%) cited cost as a major barrier to embracing a hosted security solution yet the most popular benefit of outsourcing was a reduction in costs (27% of respondents)
No trust in experts. 56% of respondents were adamant that outsourcing their security to an anti-virus vendor would not improve the effectiveness of their AV defences. 35% were open to the idea

“With 82% of companies being hit in the last 12 months, viruses are still a major security worry for most companies,” said Sal Viveros, director of McAfee ASaP. “What’s most worrying is the lack of acknowledgement on behalf of the IT manager about where the root of the problem lies. 82% is too high a percentage for businesses to really believe their defences are ‘watertight’, yet 92% of companies think they have sufficient resources to secure their networks. Businesses need to realise that if they are suffering this level of attack then they need to address the amount of time they’re devoting to the security of their network.”

“40% of IT managers put the blame firmly on the end user for their company suffering a virus attack,” said Graham Opie, director of market research agency Vanson Bourne. “This suggests that employees don’t get the education they need to keep their company’s networks secure. The fact that 92% of IT Managers believe they have effective security management shows that they are ignoring the “people” angle.”

83% of viruses attacking businesses in 2001 came from e-mail attachments according to the ICSA labs virus prevalence survey 2001. The research also revealed that the rate of virus infection had risen to 103 infections per 1000 PCs per month in 2001 compared to 98 per 1000 in 2000 and 10 per 1000 in 1996. In addition, research from Computer Economics estimated that virus attacks had cost businesses an average of $69,000 (£48,000) during 2001.

“Updating is also still a problem. With the number of new blended threats, such as Nimda, companies need to be updating on a daily basis if they’re to ensure their networks aren’t compromised, yet 40% of those surveyed only update every week or every month. It’s only when the next big virus brings down the network that the need for daily or even hourly updates will be acknowledged.”

A recent IDC report on outsourcing and ASPs indicates the ASP market growing to 28 billion dollars globally by 2006. The big market growth area is Europe, Middle East and Africa. A separate IDC report from November last year revealed that at present, only 10 per cent of companies are outsourcing applications, while just 23 per cent have any firm plans to do so in the next two years. This is despite a projected return on investment of about 400 per cent when using ASP services. The two most commonly outsourced applications, according to Frost and Sullivan, were accounting software and email with about 19% and 16% respectively.

35% of respondents stated they would consider outsourcing their security to an anti-virus vendor illustrating some change in IT manager’s views of managed security service providers. 20% also stated there were no barriers to outsourcing security illustrating that hosted or managed security services are now a viable proposition. To support this, 14% of businesses surveyed already outsourced their security.

Over 50% of respondents indicated that they did not consider that putting the management of their anti-virus software into the hands of the experts would make their defences more effective indicating a widespread lack of trust of the hosting model amongst IT managers.

“My response would be if you can’t trust the experts, who can you trust?” commented Viveros. “Companies are still apprehensive about the hosting model and need educating that third party security management is a safe and secure option for their network.”

Despite the increased acceptance of security outsourcing, there are still several perceived barriers to putting the management of security into someone else’s hands. Almost a third of those surveyed (30%) stated cost was the main reason they would not consider outsourcing, whilst 18% cited the lack of confidence in third party management. 22% stated that internal policies were the biggest inhibitor. To add further confusion, 27% of companies stated that cost saving was the biggest advantage of putting security management into someone else’s hands.

Computer Economics research recently estimated that updating and managing anti-virus software was 80% of its total cost, while the cost of the actual license price equated to only 20% of the total cost of ownership. Managed security services such as McAfee ASaP are designed to manage down the 80% cost and take the management headache out of the hands of the IT manager. McAfee ASaP offers hosted anti-virus protection for as little as $2.99 (£2.00) per PC.

“Managed security service providers can make significant savings for businesses on their security investment,” stated Viveros. “As well as saving money on the amount of resource devoted to security, businesses can make huge cost savings on issuing updates and the reduction in attacks that compromise their network. Services such as McAfee ASaP offer continual updates to every PC every time they connect to the network meaning that the chances of falling foul to virus attack drop to near zero.”

Respondents identified other key advantages of the outsourced/hosted solution as the fact it was someone else’s problem (21%) and the fact it would offer up to date protection (22%). 16% stated there were no advantages to outsourcing security indicating a degree of scepticism amongst IT managers.

McAfee ASaP is McAfee Security’s managed services division built around the leading security technology from Network Associates. The services offer web-based gateway and desktop anti-virus and firewall protection, VPN capabilities and vulnerability assessment services, delivering the same level of protection found in the industry’s leading software and hardware boxed solutions in an online model.

Vanson Bourne, a specialist IT research consultancy, interviewed 100 IT managers on McAfee’s behalf in March. The purpose of the research was to investigate the current state of security management amongst IT managers, and evaluate what the barriers were to them adopting new management techniques and solutions.

McAfee ASaP