Lack of Security Policy in companies
by Nikola Strahija on March 26th, 2003 Less than 20% of the companies have security policies that they relate to. Basic firewall protection is what makes them feel secure, and they always think that an attack will occur at their neighbours place, not theirs.
When looking at the focus of security of today it is still a fact that most companies still does not have a security policy. Statistics say that less than 20% of all companies have a policy to relate to.
This is worrying when at the same time hacking; intrusions, defacements and misuse are on every company's agenda. Still the companies that shout about the growing amount of threads have not considered or taken any action to implement a security policy
They often tend to lean back with a sigh and expecting these threads not to hit them but their neighbours.
The normal attitudes of these companies are also that a firewall or antivirus will keep them secure.
But then again what is a firewall with no policy for the configuration?
Suppliers of the products are often asked, "Just set it up as you use to" and this mentality makes the setup quite simple, but also often filled with holes and with no control from the company's side.
They are left with false feeling of security and have only got limited security. This is naturally mostly the case in smaller companies whereas large corporations have taken these things in consideration and are a lot more focused on the security.
