Beruflich Dokumente
Kultur Dokumente
2
Technical Specification
Universe
Spanish companies less than 50 employees,
differentiating between the micro-enterprises (less than 10
employees) and the small companies (10- 49 employees).
Sample
2.206 organizations y 622 equipments
Sampling Distribution
Stratified random sampling (number of employees, sector
of activity and autonomous communities) with
proportional according to the percentage of use of internet
Capture de information
A Webpage created to the study diffusion and
participation + online interviews + Equipment online
analysis
Field Work
From February to July 2009
Sampling error
According to random sampling criteria
p=q=0,5 confidence level of 95.5%,
an margin of error of ±2,1% for n= 2.206 it’s established
3
Content
http://observatorio.inteco.es
4
Main Results
¾ Tools, Best Practices and security policies. Companies realize the importance of
their data and information located on their systems, have tools and/or
solutions to the team level and organizational level.
¾ The most used tools are antivirus programs (97.8%), firewalls (72.4%), access
control tools (66.8%) and anti spam programs (61%).
¾ Best practices: Data backup (94.2%) and the upgrade of operations systems and
programs (88.9%).
¾ Plan and policies: Security Plan (34.3%), security awareness plan (17.6%) and
business continuity plan (11.9%).
5
Main Results
¾ Security Incidences. The 48.4% of analyzed equipment during June of 2009 had
malware, mainly Trojans and adware, characterized by their high level of
diversification and heterogeneity.
¾ The e-confidence of the Spanish companies. 90.3% of small claims that Spanish
companies will give them confidence to perform online banking transactions
6
Sizes and safety habits
Implementation of security solutions based on the number of computers that are installed (%)
7
Sizes and safety habits
Reasons reported by companies for not using the tools and security solutions for equipment (%)
8
Security incidents
Incidencias de seguridad
Annual evolution of the level of impact on business equipment after conducting the safety audit (%)
100% iScan
90%
80%
51,6%
70% 60,0%
60%
50%
40%
30%
48,4%
20% 40,0%
10%
0%
2008 2009
Host malware No Host malware
9
Security incidents
iScan
1,8% 2,9%
0,7%
35,1%
32,6%
26,9%
10
Security incidents
1000
iScan
900
800
678
700
600
500
400
300
231
200
100 36
7 5 2
0
1 detection 2 detection 3 detection 4 detection 5 detection 6 detection
11
Security incidents
iScan
31,4%
51,6%
11,9%
5,1%
n=622
12
Consequences and response to incidents
0% 10% 20% 30% 40% 50% 60% 70% 80% 90% 100%
Si No No Sabe
n=2.206
13
Consequences and response to incidents
Installed / upgraded
42,9%
software / tools
Others 4,0%
0% 10% 20% 30% 40% 50% 60% 70% 80% 90% 100%
n=1.708
14
Consequences and response to incidents
It is located outside a
25,5%
security expert
Contact a technical
23,3%
service
Contact an acquaintance
3,7%
with knowledge
Others 1,2%
n=1.708
15
The e-confidence of small and micro-Spanish
0% 10% 20% 30% 40% 50% 60% 70% 80% 90% 100%
Si No
n=2.206
16
The e-confidence of small and micro-Spanish
European Comparison by the use of services through the Internet by businesses (%)
93,3%
84,0%
83,4%
100%
73,9%
90%
71,2%
70,9%
80%
70% 62,3%
49,2%
43,2%
60%
50%
31,9%
28,0%
25,8%
25,7%
40%
21,9%
21,6%
20,9%
19,9%
16,9%
15,1%
30%
11,6%
9,8%
9,8%
9,4%
20%
5,5%
10%
0%
España UE 15 UE 27
17
The e-confidence of small and micro-Spanish
Level of business confidence when making arrangements with the Public Service over the Internet,
according to company size
n=1.261
18
System safety indicators
100
90
80 76,1
73,2
70
60 54,4
51,1
48,4
50
40
30 23,8
21,0
20
10
0
Tools Security Politicans Global of E-confidence Malware Equipment at
indicator behaviour and plans security indicator incidents high risk
indicator indicator indicator indicator indicator
19
Finals Thoughts
9 The company size is a constraint when implementing the tools and security solutions.
Small businesses have a higher percentage installation of almost all tools.
9 We show that among businessman there is special concern about the availability of its
information technology infrastructure and supports it.
9 Small and micro Spanish have the perception that safety is a purely technological.
Should therefore improve in order to increase their levels of security and confidence.
9 They have also become aware of the risks that may exist, since a large percentage
believe they are not susceptible to a security incident to be considered "uninteresting"
for potential attackers.
9 Confusion and lack real business of what happens on their computers in the field of
security incidents.
9 Security tools are necessary but not sufficient, and can cause a false sense of security.
9 It is important that everyone involved join efforts to prevent security problems will check
the development of the Information Society.
20
DAFO Analysis
STRENGTHS WEAKNESSES
9 Good technological capacity 9 Existence of vulnerabilities, risks
9 High level of implementation of certain and impacts significant.
Internal security tools. 9 False sense of security.
9 High level of use of electronic 9 Focusing on the technological
Analysis signatures and other Internet services. dimension.
9 Increased level of awareness and 9 Slow progress in some areas.
adaptation in the field of data protection.
9 High level of e-trust.
OPPORTUNITIES THREATS
9 High level of commitment of the Public 9 Slow progress in security that might
Administration and business cause a loss of competitiveness.
External associations. 9 The mobile and wireless devices as
Analysis 9 Approach manufacturers of security potential security gaps for
products to the market for information enterprises.
security in enterprises.
9 Level of outsourcing of IT functions.
21
http://www.inteco.es
http://observatorio.inteco.es