Firms still leave security to chance

Too many companies are still leaving the security of their websites to chance - adopting an 'it couldn't happen to us' attitude rather than implementing robust security on their site and servers.

PSINet Europe and Pan Security International (PanSec) conducted research which revealed the risks that companies are running by failing to protect themselves online.

Yet despite this the companies claim hundreds of thousands of firms are still leaving their websites open to attack.

The companies set up two 'dummy' websites resembling European banking sites. One site was left unprotected while the other was equipped with a standard firewall, and the number of hacker attacks each faced over an eight-week period was monitored and compared.

The research showed that the unprotected server was attacked 19,128 times, nearly ten times more frequently than the one protected by a firewall, which was attacked 1,672 times over the two months.

However, while this research shows that a firewall significantly reduces the risk of hacker attacks, more than one third of the attacks aimed at the secure site were classified as serious 'high risk' threats - theoretically carrying the potential to bring the system crashing down.

This means that even an effective firewall is still a ticking timebomb if poorly configured, vulnerable the second an as-yet undiscovered flaw is exposed. This should highlight to system administrators and IT managers the need to remain up to date with patching.

However, Neil Downing group product manager for PSINet Europe, said in a statement: "With the threat of cyber-terrorism being added to the increasing impact of email viruses and hacker intrusion, online security should be a primary concern for all firms. However, surprisingly more than 50 per cent of our customers do not have even the most basic of firewalls in place and that is a very conservative estimate. This is comparable to an individual not having a lock on their front door - in other words it's the most basic first line of defence."

The clear message would appear to be you will get attacked. Expect it, plan for it, prepare for it and survive it - because the downtime may prove a lot more costly than the security spend.