Employees ‘create most IT security issues’

These conclusions were made by the latest Global IT Security 2007 study, conducted by the audit company Deloitte and a recent study conducted by Proofpoint, an IT security company. The local producer of e-mail solutions, Axigen, warns that firms in Romania could lose up to EUR 150-200 million annually through malicious or wasteful use of e-mail such as phishing, spamming and social engineering.
At least 20 percent of the e-mails that go out from a company risk disclosing financial, legal or administrative data, the Proofpoint study found.
Even so, the Deloitte study found that although the financial institutions have suffered most over this, they do not get involved when it comes to the IT security of their clients. The same study suggests that 57 percent of total fraud attempts are made through e-mail. “In Romania, the most important initiatives in the IT security field are related to the periodical checking of the IT systems used by the e-banking processes,” said Radu Herinean, enterprise risk services manager at Deloitte Romania.
IT managers in Romania are more and more preoccupied by the confidentiality, integrity and availability of data.
Although the IT strategies are developed or applied at group level by each multinational company, often the security policy is determined by internal matters at companies, like the available budget or availability of specialized personnel, he added.
The results of the Deloitte study show that less than 70 percent of the companies that took part in the study have a strategy regarding IT security while only 10 percent of participants have an assigned security manager in charge of IT security matters. Given this, there is a huge gap between the level of awareness of IT security issues and the actions taken to prevent them.
The solution for these problems would be the better management of e-mail traffic.
“It is obvious that e-mail is the most efficient means of communication in business, so getting rid of it is not a viable option. We have to secure the inbox traffic and create clear regulations concerning the outbox traffic. It is very important to protect the receiver from spam and viruses received through e-mail, but also to be aware of the data sent to clients or business partners,” Liviu Anghel, chief security officer of Axigen, said.
The Deloitte study was conducted on managers of financial institutions in the Top 100 financial services providers from five regions: Europe, the Middle East and Africa, the Commonwealth of Independent States, Asia Pacific, North America and Latin America and the Caribbean.

Roxana Mihul