Web security

Although they’re taking the threat of Web security breaches seriously, few of Canada’s C-level executives are worried about becoming the target of an attack anytime soon, according to the results of a national survey.

The results were made public at a recent security seminar hosted by IT World Canada Inc., the publishers of CIO Canada, held in Toronto.

Sixty-one per cent of respondents said Internet security ranks among their top five concerns, and nearly three-quarters said they’re investing more money in security products now compared to 18 months ago.

But the poll of 150 Canadian business leaders, commissioned by Symantec Corp. and the Royal Canadian Mounted Police (RCMP), also found that few are equating those theoretical risks with day-to-day business.

“A lot of organizations did not feel they were at a high risk (of attack),” said Andrew Bisson, director of planning and market analysis with Branham Group Inc., the Ottawa-based market research firm that conducted the study.

In February, Symantec revealed that worldwide companies averaged 30 attacks per week over a six-month period.

The survey also contradicted popular wisdom, which says companies, fearful of what could happen to their reputations, tend to keep their security breaches a closely guarded secret. It found that half of those polled – nearly 60 per cent of whom were CEOs – would have no problem admitting to a breach. Of those, 86 per cent said they would report a future breach to authorities. Of that number, 17 per cent admitted to past breaches.

Survey respondents said firewalls, antivirus software and security standards made up the bulk of their security purchases. But Michael Murphy, general manager of Symantec in Canada, said a more “integrated” approach to security requires companies to move beyond those basics, into areas such intrusion detection and methodical security training.