Security may be a prime concern for Canada’s IT decision-makers, but that doesn’t prevent some severe lapses in judgment in maintaining network integrity, according to a study conducted by AT&T Global Services.The report, which examined the network security habits of executives and workers in more than 50 countries, was conducted earlier this summer and included interviews with 35 Canadian executives. Forty-seven per cent of respondents said they had opened e-mail from an unknown sender and 27 per cent commit their passwords to paper.
“Even though they are aware of the threats, the behaviour patterns they are demonstrating are perhaps not ideal. Education has to be a big part of any defence strategy,” said Richard Blacklock, director of business strategy and development for AT&T Global Services Canada.
Overall, executives said they were worried about viruses and worms, hackers and “accidental damage,” in that order.
The executives also rated security as the main concern when moving to converged IP networks, yet they are making that move in droves. According to the study, 62 per cent of Canadian respondents said they expect to have implemented IP networks through most or all of their organizations within three years.
“Convergence is happening,” said Blacklock. In this case, convergence refers to voice, data and video running on a single IP network.
“Companies are doing it and companies that aren’t today have active plans to do it. Irrespective of the security threat, companies are moving to converged networks,” said Blacklock.
But there remains much to be worried about, according to one analyst.
“Not everybody takes security seriously,” said Elroy Jopling, an analyst with Gartner Canada. “Eventually, they will get caught. In network security, the same kind of thing happens.”
But the advantages of converged networks are apparent, particularly when it comes to application development. “It should be cheaper,” said Jopling.
“With an IP network, you have one set of APIs for developing applications, whereas if you have Frame Relay and an ATM and various other networks, you would have a different set of APIs for each of those networks.”
The advantages associated with converged networks are a temptation for users, said Mary Kirwan, principal of Toronto-based security consulting firm Headfry Inc.
“I think there’s a lot of enthusiasm for (converged networks) because of the vast cost savings, but there may be trade-offs,” she said.
“There has been an elephant stampede into a technology that’s still (in its) very early days. I think a lot of these companies need to do a risk assessment to see that they even understand the issues,” she said.
Those issues include threats that are typically associated with e-mail and Internet traffic — such as spam, denial of service attacks and viruses — making their way into voice applications running over IP networks.
Many users may just be getting swept along with the tide, said Blacklock, and there is cause for concern.
However, there are a few executives that are making the necessary security investments. The AT&T study discovered that security portion of overall IT spending rose one per cent from last year to 14 per cent. That may not seem like a large jump, but “those are big dollars,” he said.
“Some of them — and we think wisely so — are investing in education for their employees so that their employees are aware of the various forms that these security threats can take. Things like phishing, for example, can only be stopped when the employee is aware of what’s happening,” said Blacklock.