Check Point's Australia-New Zealand manager, Scott McKinnel, paints a different picture regarding security competence to that described by the Employers and Manufacturers Association in its recent computer security survey.
While the survey found smaller users are better protected than larger ones when it comes to security, McKinnel believes the real drop-out is in the middle.
Small, medium and large companies are three different markets, he says.
The largest companies are, generally, quite competent at looking after their own security and the smallest tend to outsource the problem to an independent integrator or to their ISP. The "second tier" is the problem. These firms are big enough to need in-house security, but often lack the skills, staff numbers or awareness of security issues that larger organizations have, McKinnel says.
Check Point has been studying this part of the industry in Australia and New Zealand and has plans to address its needs. Historically, Check Point has specialized in meeting the needs of large enterprises.
"It's a challenge to get awareness in the mid-sector," McKinnel says. "There's an attitude of: 'We don't need tight security. We're not a bank' or, 'Yes, we need it, but we can get everything in one box'."
The one-point solution, usually a basic firewall and intrusion detector, plus virus scanning, is probably inadequate for a sizeable company which is exposed both to an always-on internet and to personal devices that are used in the outside world by staff and then brought into the company and attached to the network, McKinnel says.
But guarding against viruses and worms is not the end of the story, he says. "Trojans and key loggers are far more insidious." While the typical business focuses on the traditional cracker who creates a nuisance or tries to cripple the system, "increasingly, the real issues are industrial espionage and identity management," McKinnel says.
The challenge involves making companies aware of the changing nature of the problem, as much as supplying and implementing security systems, McKinnel says. As a result, Check Point is tending to concentrate on education and consultancy these days, while its local partners do the actual selling. These partners, in turn, need to have their training kept up-to-date. Accordingly, Check Point is revising its accreditation procedures for resellers.