Regional Workshop on Capacity Building in Public Policy Issues of Internet Use for Business Developm...
Download
1 / 22

Regional Workshop on Capacity Building in Public Policy Issues of Internet Use for Business Development - PowerPoint PPT Presentation


  • 312 Views
  • Uploaded on

Regional Workshop on Capacity Building in Public Policy Issues of Internet Use for Business Development in Asia and the Pacific . 18-20 October 2006 Bangkok, Thailand Mr. Evgeniy Moiseev, Advisor to International Union of Economists, Russian Federation

loader
I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
capcha
Download Presentation

PowerPoint Slideshow about 'Regional Workshop on Capacity Building in Public Policy Issues of Internet Use for Business Development ' - Sophia


An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
Slide1 l.jpg

Regional Workshop on Capacity Building in Public Policy Issues of Internet Use for Business Development in Asia and the Pacific.

18-20 October 2006

Bangkok, Thailand

Mr. Evgeniy Moiseev,

Advisor to International Union of Economists, Russian Federation


Slide2 l.jpg
Information Security and Protection of the Information Issues of Internet Use for Business Development of Small and Medium Enterprises in Russian Federation


Introduction l.jpg
Introduction Issues of Internet Use for Business Development

  • In year 2005 the quantity of SMEs in Russia increased in 26 thousand and reached 960 thousands entities

  • Russian companies continue to embrace the internet enjoying the benefits of broadband connections

  • Security awareness in Russian business community has never been better. For example 90% of companies have anti-virus software in place and more than half of businesses believe that security is a high priority to their senior management of board


Slide4 l.jpg

However, the gap between the companies that are focused on information security and those that are not is widening

Spy ware, instant messaging, identity theft, Voice over IP telephony, and even MP3 players pose new security threats for businesses.

Roughly half of businesses while they may have anti-virus protection, typically lack basic security disciplines and may be over-confident about the effectiveness of their security controls


Slide5 l.jpg

  • Evaluating the risks, educating staff about them and implementing appropriate technical controls are all vital for success in tomorrow’s security landscape.

  • On August 15th 2006 The Russian Government signed a Decree on licensing the technical defense of confidential information.


Slide6 l.jpg

IT systems in general, and the internet in particular, are increasingly important to business operations

  • Nearly every Russian business in big industrial centers makes use of the internet; 97% have an internet connection and 80% of these are broadband.

  • About 50% of companies have a web-site, with 70% of these being externally hosted.

  • Dependence on IT continues to grow-only one in six small companies could operate their business without IT.


Slide7 l.jpg
IT systems in general, and the internet in particular, are increasingly important to business operations

  • Three-quarters of Russian rate security as a high or very high priority to their senior management or board of directors.

  • The main drivers for information security expenditure remain confidentiality, integrity and availability.


The priority given to security has translated into action l.jpg
The priority given to security has translated into action increasingly important to business operations

  • The number of companies with a formal security policy is increasing.

  • The average Russian company now spends 3-4% of its IT budget on information security.

  • 90% of businesses have anti-virus software.

  • 96% of companies filter incoming e-mail for unsolicited messages (spam).

  • But nearly half of Russian businesses that are confident have identified all significant security breaches in the last year.


Slide9 l.jpg

The improved controls appear to be having an effect. After big rises since the mid-1990s, the number of companies affected by security incidents appears to have stabilized. The cost, however, remains considerable.

  • There are 30% of Russian companies had a security incident in the last year, down from 45% two years ago.

  • Large businesses are more likely to have security incidents, tend to have more of them and their breaches tend to be more expensive.


Security aware culture l.jpg
Security-aware culture big rises since the mid-1990s, the number of companies affected by security incidents appears to have stabilized. The cost, however, remains considerable.

  • More than half of businesses spend less than 1% of their IT budget on information security.

  • Only 15% of companies have carried out security risk assessment in the last year.

  • Only 1 in 10 companies has security qualified staff

  • Majority of Russian small businesses have overall security policy, though most of them use the internet

  • *60% of companies fail to check the background of their staff

  • 80% organizations do nothing to educate their staff about their security responsibilities


Security threat for the future l.jpg
Security threat for the future big rises since the mid-1990s, the number of companies affected by security incidents appears to have stabilized. The cost, however, remains considerable.

  • 80% of Russian businesses are not protected against spy ware.

  • 60% of transactional web-sites do not encrypt the transactions that pass over the internet.

  • Roughly 80% of companies that allow staff to connect via public wireless and do not encrypt the transmissions.

  • 80% of firms have taken no steps to protect themselves against the threat posed by removable media devices (e.g. USB tokens).

  • 2 in 3 companies that allow instant messaging (ICQ, MSN etc.) have no controls in place over its use.

  • Only half of the companies that have implemented Voice over IP telephony evaluated the security risks before doing so.


Attitudes to information security l.jpg
Attitudes to information security big rises since the mid-1990s, the number of companies affected by security incidents appears to have stabilized. The cost, however, remains considerable.

  • The larger the business, the greater the reliance.

  • Companies that are heavily dependent on their IT are likely to assign a high priority to information security as those that are not. However, 10% of heavily dependent businesses do not see security as a priority.

  • Information security is most likely to be on the board’s agenda in financial services companies.


Security education l.jpg
Security Education big rises since the mid-1990s, the number of companies affected by security incidents appears to have stabilized. The cost, however, remains considerable.

  • *The higher the priority that information security is to senior management, the more likely the company is to educate its staff.

  • **Traditionally Russian companies to whom security is not a priority at all, always carry out background checks.


Security skills and expertise l.jpg
Security skills and expertise big rises since the mid-1990s, the number of companies affected by security incidents appears to have stabilized. The cost, however, remains considerable.

  • The number of qualified security professionals in Russia as well as in other countries, while rising , remains low compared to the total number of businesses.

  • Many small businesses cannot afford to hire full-time security professionals, and so lack the in-house knowledge to deal with today’s security issues.


Investment in security l.jpg
Investment in security big rises since the mid-1990s, the number of companies affected by security incidents appears to have stabilized. The cost, however, remains considerable.

  • Investment in security is a very delicate issue: benefits are often invisible and, however much is spent, there is no guarantee of safety

  • A significant number of Russian businesses are still not spending very much in information security.

  • Businesses whose worst incident involved staff misuse are the most likely to spend on security, averaging less than 8% of their IT budget.


Investment in security16 l.jpg
Investment in security big rises since the mid-1990s, the number of companies affected by security incidents appears to have stabilized. The cost, however, remains considerable.

  • Now majority of businessmen in Russia think it is important to invest in information security to enable business opportunities and improve efficiency.

  • Different sectors of businesses are tend to have different prioritiesdepending on its specific (intellectual property, customer information).


Viruses and malicious software l.jpg
Viruses and malicious software big rises since the mid-1990s, the number of companies affected by security incidents appears to have stabilized. The cost, however, remains considerable.

  • Almost every Russian company irrespective of size installs anti-virus software on its computers.

  • The internet gateway remains the most popular place to install the software. Increasingly personal firewalls installed on individual PCs now include some intrusion detection capability.

  • Interestingly, companies with intrusion detection or prevention reported more virus infections than those without.


Network and web site security l.jpg
Network and web-site security big rises since the mid-1990s, the number of companies affected by security incidents appears to have stabilized. The cost, however, remains considerable.

  • At least half of Russian companies have a web-site. 60% of these web-sites are externally hosted.

  • Firewalls are still the main defensefor web-sites


Emerging technologies l.jpg
Emerging technologies big rises since the mid-1990s, the number of companies affected by security incidents appears to have stabilized. The cost, however, remains considerable.

  • Removable media devices are becoming smaller, more common and more powerful. MP3 players, USB data keys, digital cameras and portable hard discs all pose a potential security threat, since staff could download confidential data onto them and then remove it from the organization.

  • 50% of Russian companies allow Instant Messaging across the internet (e.g. through AOL, MSN Messenger, ICQ or Yahoo! Messenger).

  • The most common step taken against this threatis to tell staff not to use such devices and then changing PC configuration to prevent use of USB devices and encrypting confidential data.


Incidents of security breaches l.jpg
Incidents of security breaches big rises since the mid-1990s, the number of companies affected by security incidents appears to have stabilized. The cost, however, remains considerable.

Large companies are most likely to suffer security incidents. Why?

  • Firstly, they have more staff, so the internal misuse increases

  • Secondly, the size and the typical presence in the internet makes them more attractive target for external attackers

    Despite having a higher risk profile, large firms appear better equipped to repel attacks.


Types of security incidents l.jpg
Types of security incidents big rises since the mid-1990s, the number of companies affected by security incidents appears to have stabilized. The cost, however, remains considerable.

  • Infection by viruses and malicious software

  • Human factor

  • Unauthorized access by outsiders

  • Computer theft and fraud

  • Systems failure and data corruption


Impact of breaches l.jpg
Impact of breaches big rises since the mid-1990s, the number of companies affected by security incidents appears to have stabilized. The cost, however, remains considerable.

  • Business disruption

  • Incident response costs

  • Direct financial loss

  • Damage to reputation

  • Total cost of incidents


ad