Fewer than 10 percent of break-ins to IT systems come from external hackers, according to a survey by security specialist NSC Technology. "Despite this, many chief information officers believe a firewall is enough to stop attacks," said NSC security consultant Gerard Doyle.
Doyle warned companies not to overlook the importance of writing a security policy that covers all areas of business as well as IT systems, as many IT directors had a slim grasp of their responsibilities when it came to securing all areas of the enterprise. "Many think they can plug in a solution like a firewall and a problem will go away, but it won't," he said.
Enterprises need to identify their assets and the likely threats to them before implementation, Doyle said. "That way you can ensure you are spending money precisely where it is needed," he said, noting that policies are rarely created this way.
He said that it is essential to include simple checks and balances in security policies such as ensuring that members of staff return hardware such as laptops and mobile phones on leaving the company. The cancellation of any expense accounts or credit cards which departing staff might have had can also be crucial, as such actions can save firms millions.

--David Neal, IT Week, ZDNet UK