COMPANIES and employees alike attach great importance to IT security. However, recent market research shows that many firms, including state administration authorities, underestimate the importance of proper IT planning. The result is inadequate crisis management plans and unnecessary and costly IT security risks.
In an effort to avoid or at least minimize IT security problems, three entities joined forces: KPMG, the Slovak National Security Bureau and Data Security Management magazine. The result is "IT Security in Slovakia," a report published evaluating the state of IT security in Slovakia's mid- to large-sized firms.
Among other things, the poll highlighted just how inefficient IT security systems are in Slovak businesses and organizations compared to their Western neighbours. Perhaps most alarming, only 46 percent of Slovak companies have a crisis management plan in place in case of an IT system failure.
Peter Oravec is a director at the Slovak National Security Bureau's (NBÚ) IT Security Department. According to him, information technology (IT) is otherwise known as "critical infrastructure".
"This means that problems in IT can significantly endanger the interests of the state, as well as society,", he told The Slovak Spectator.
The research conducted by KPMG, the NBÚ and Data Security Management concentrated on all aspects of IT security, including antivirus protection, secure communication and data transmission, as well as IT security plans implemented in cases of security risk incidents.
Oravec says the results are worse than he expected, and blames Slovakia's shortcomings on the fact that businesses and people are not using the security technologies that are on the market.
Despite the fact that state administration employees una-nimously attach importance to IT security, only 25 percent believe that the state administration pays adequate attention to IT security systems.
An analysis of why the state administration ignores IT security issues was not available. However, Oravec thinks that one reason is insufficient finances. Equipping an office with sufficient IT systems, let alone security systems, is expensive.
"So far, a general policy is in place that says that firstly, it is necessary to buy computers and IT equipment for every employee. Only what's left over, if any, is spent on IT security systems," Oravec said.
Most of the time, antivirus programmes are bought, but beyond that, investment is rare. Oravec explains the situation, using a car purchase as an example. "A car will always have security built in. You can't buy it without a seat belt. However, you can always buy a computer without a minimal security system installed."
The poll also showed some positive trends, however. It found that financial institutions, such as banks and insurance companies, are among the best prepared to cope with the threat of an IT security problem.
Employees in financial services institutions believe that they are 91 percent prepared for a security attack on their IT systems.
Advocates of IT security solutions say that companies cannot afford to ignore an investment in security systems. According to the poll, it appears that companies agree. Firms estimated their financial losses due to IT security failures, and the losses were great. One company admitted to having lost an estimated Sk500,000 (€13,000). Other losses, due to human error, were less, around Sk7,500 (€193).
"IT security in Slovakia" was published on the basis of data collected in a market research poll carried out between July and September 2004.
31. Oct 2005 at 0:00 | Magdalena MacLeod