New Zealand businesses need a stronger focus on Internet security according to the esolutions Internet Security Survey
released today, and esolutions says standard security tools are readily available.
The survey, also sponsored by Telecom New Zealand Ltd and XTRA Ltd, is the first published independent research into
Internet security among New Zealand businesses. The businesses surveyed are representative of businesses employing
between 5 and 100 people - these businesses employ over three quarters (76%) of all New Zealanders.
86% of Internet-connected businesses in New Zealand hold what they would consider to be sensitive and confidential
information, with 62% transmitting confidential information across the Internet.
Over half the respondents surveyed (57%) said they were attacked by viruses this year. Further, 10% of the businesses
surveyed were subjected to intentional security threats, breaches or attacks over the past nine months.
Despite this awareness of the need for security and the threat to business information:
- 57% of New Zealand businesses computer systems do not use firewalls that prevent these breaches or attacks
- 82% of New Zealand businesses do not use intrusion detection tools to monitor intrusion events and misuse
- 79% of New Zealand businesses do not encrypt files.
esolutions General Manager Designate, Sue McCarty says that the virus attacks and other breaches could have been
avoided. She says that businesses of any size can confidently communicate and transact securely over the Internet.
Ms McCarty says that it doesn’t have to be complicated or expensive to protect business systems and information from
“Often, a small investment in security can end up saving a lot further down the track - especially when you consider the
cost of losing important or confidential information.”
“Larger businesses can look at outsourcing just their online security, selected applications, or their entire
infrastructure to a specialist infrastructure provider who is an expert in making systems secure. This allows companies
to concentrate on running their business, safe in the knowledge that their online operations are secure.
“For smaller organisations, hosting options should be considered. This could mean having their web presence, some office
applications or all of the company data hosted by experts. It is a very good option as it fixes the costs, ensures their
information is secure and takes away all the risk.”
esolutions provides outsourced security packages to small and large New Zealand businesses including Blue Star Group,
Tourism Holdings Ltd and DFS.
The esolutions Internet Security Survey was based on 400 telephone interviews with decision-makers in Internet-connected
businesses with 5-100 employees throughout New Zealand. The survey was conducted between 20th June and 3rd July.
An alliance of Telecom New Zealand Ltd, EDS (New Zealand Ltd) and Microsoft New Zealand Ltd, esolutions develops a full
range of building blocks that provide the infrastructure, trading and management tools to create ecommerce solutions.
The building-block approach, on top of a robust infrastructure, takes the risk out of developing ecommerce solutions.
esolutions' applications allow online trading, document exchange; online product catalogues, fax integration,
encryption, e-procurement and hosted software. These applications can be stand-alone or include other vendors' and
custom-developed applications. esolutions provides the tools and their network of systems integrators combine these
packages to make a complete solution.
The esolutions website (www.esolutions.co.nz) details the complete range of e-commerce solutions and puts potential
customers in touch with a reseller. esolutions can help businesses of all sizes and complexities to fully participate in
the online world ¡X from large online marketplaces to companies wanting their first web presence.
KPMG Commentary on eSolutions Security Survey
By Graeme Sinclair, KPMG Partner Information Risk Management.
NZ businesses are seriously risking their reputation and, maybe even their livelihood, due to the poor level of system
security revealed in the results of the esolutions Internet Security Survey sponsored by esolutions, Telecom and Xtra.
The survey results indicate that small- to medium-size businesses in New Zealand are struggling to come to grips with
the security requirements needed to secure their computer systems.
The most telling result in the survey is that New Zealand businesses may not even know whether their computer systems
have been penetrated as 82% of New Zealand businesses do not have intrusion detection tools in place. This could be the
reason known intrusions are recorded at a mere 8%.
The other result that raises a high degree of concern is that 58% of the businesses surveyed considered the information
held on their computer systems was extremely or very sensitive and confidential.
One can only imagine the severe adverse impact on a business that either did not protect confidential customer
information, commercially sensitive competitive information, or had their computer operations disrupted for a
significant period of time. Such outcomes are entirely possible without adequate computer security in place.
Hackers when penetrating a target computer system, depending on their objectives, can choose any of the following
options. They can:
- Obtain a copy of sensitive/confidential information without detection
- Disrupt/destroy the target systems
- Cause data loss
- Deface the business’ web site
- Capture the business’ systems and operate them remotely for their own purposes
The key issue for New Zealand businesses is to obtain an effective and cost- efficient solution. They do not need to
understand the technical issues. They need a business solution that balances the cost of protection against the risk and
value of loss. The cost of security relates directly to the criticality of the information requiring protection. A key
difference with the loss of information versus a physical loss is that once information has been lost it can never be
Effective computer security cannot be provided by a single solution or action. It requires a combination of tools and
behaviours to stay ahead of the would-be hacker. One of the key actions is to continually update the firewall software.
Another requirement is for businesses to have a security health check conducted at regular intervals using a service
like Internet Security Assess provided by KPMG.
The need for improved computer security will drive businesses to out-source their computing requirements including
computer security to computer facilities management providers. The centralised facilities management model allows small
business to obtain up-to-the-minute computer security and monitoring meeting recognised standards at a small business