Security at a standstill

Published: June 6th, 2007

Canadian businesses need to shape up when it comes to ensuring and maintaining overall IT security.

More than 1,000 Canadian business managers and executives participated in the recent Ipsos Reid survey which was conducted by CMS Consulting Inc and distributed by Ipsos Reid. Results showed that almost half of the respondents have been victims of a security breach or virus attack within the past five years.

Brian Bourne, president of CMS Consulting Inc. and the founder of the Security Education Conference Toronto (SecTor), raises the important point of being able to distinguish perception from reality.

“Some companies think if nothing has happened to them yet, nothing will,” Bourne said. But shockingly enough, “many companies have breaches and don’t even know,” he said. “Hacking into any system can be done with the right skills, tools and knowledge. Most companies don’t have the necessary mechanisms installed to detect these attacks,” he said.

There are a few reasons why companies bypass investing in security measures to protect themselves, Bourne said.

“Having the mechanisms to detect breaches requires technology and finances,” Bourne said. “You also need time to manage it because it’s not something you can just set up and forget.”

After conducting this survey, a general lack of awareness and education among companies was found. This is why CMS Consulting Inc. and Black Arts Illuminated Inc. have partnered up to hold the first annual SecTor conference event, which is set to take place this fall at the Metro Toronto Convention Centre.

“With SecTor, we want to make sure our customers know how attacks work,” Bourne said. “We want to make sure they know how to enable detection mechanisms so these things don’t happen.”

According to the Ipsos Reid survey, 67 per cent of participants think their staff would benefit from additional security training.

“Security isn’t something you can learn in one day,” Bourne said. “It’s something that’s ongoing.”

Bourne also said in recent years, there has been an increase in the demand for security solutions. The only thing he cautions customers about is knowing who their security solution vendors are since there are so many out there.

In addition, as Bourne says, one must truly “understand what the attack factors are. Because you can only put up road blocks when you have a good understanding of what you’re protecting and you know how to do it,” he said.