KPMG warns of security deficiencies

Resellers are not protecting their Websites.

KPMG has issued a warning to resellers to tighten up on their information security or get ready to lose out to the competition.

In its 1998 Information Security Survey, the accountancy and consultancy firm claims there is a widespread lack of action to combat the problems of e-commerce security.

At a presentation of the survey results on 23 February, the company claimed 74 per cent of traders on the internet have not tested their Website security, and over half the systems need no user ID or password for external access.

Gerry Penfold, a partner in KPMG's information risk management division, commented that Websites were at risk when they were regarded as online trading vehicles connected to the company's system, rather than as advertising pages.

'One concern for dealers, from a security point of view, is the "denial of service" aspect. Attacks on a system, when it is snowed under with messages, can cause the system to shut down or fail,' he said.

He added that security weaknesses could lead to competitors getting in and stealing valuable information such as customer lists.

Penfold urged resellers and all companies selling through the internet to use testing services such as KPMG's own Penetration Testing Service to catch and patch up any security holes. In such scenarios, KPMG is hired to try to hack into Websites legally.

Michael Bacon, director of information security services at KPMG, pointed out that although e-commerce is a fast-growing area, it will be hard to benefit from it unless it is totally secure.

The survey, the second conducted by KPMG's Information Risk Management team, also revealed that not enough was being done to tackle the year 2000 and EMU problems.

The results of the first KPMG Information Security Survey were announced in 1996.