Security firms say the weak defences at many smaller Kiwi IT firms is good for their business.
A survey released on Tuesday showed that 57% of such New Zealand firms don’t have a firewall. More than four-fifths don’t use intrusion detectors or monitors. And a similar number don’t encrypt files. Yet almost three-fifths (57%) were attacked by viruses over the past year, with 10% reporting deliberate breaches or attacks over the past nine months.
The survey of 400 firms employing five to 100 staff also reveals 86% of web-enabled business store sensitive and confidential information online, with 62% transmitting confidential information across the internet.
Tony Krzyzewski of Kaon Technologies says the eSolutions Internet Security Survey “confirms everything everybody knew.”
"To still have 57% of businesses not using firewalls is marvellous. It means great opportunities (for our business),” he says.
However, it was “most worrying” that so few firms used firewalls when they cost just $1600-$2500 and can protect against the latest virus attacks such as Code Red.
Krzyzewski says since last week, his firm has recorded 1000 probes every 15 minutes. The worm isn't causing damage but is a nuisance because it acts as a DOS attack and gobbles up bandwith, slowing internet connections.
Arjen De Landgraaf, director of Auckland-based Co-Logic says many small firms need to be “burned badly” before they take e-security seriously. De Landgraaf says many firms don’t even know how to check their firewall reports, or whether they have been intruded. He warns as Code Red attacks clog up the internet, border routers will become overloaded with traffic. They will need to be rebooted/reconfigured and one day there might not be enough skilled staff to do this.
Consequently, firms should use online alert services as the time frame of hacking threats from discovery to misuse is now just a few hours. “The early warning and information provided to actively counteract and minimise IT security risks before they surface at the business users’ desk has now become a critical component of any government and corporate IT security strategy," De Landgraaf says.
Brett Moore of Software Creations says the survey should help people take more notice of security. "Eventually people will outsource security issues, and insurance companies will adjust premiums if you have some security mesures in place. It will be like house insurance, where an alarm equals lower premiums," he says.