IT Security In China Shows Cracks - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

09:45 AM

IT Security In China Shows Cracks

Network and systems attacks on Chinese companies are growing. But many businesses have yet to build the sophisticated fortresses they need to defend themselves.

As U.S. businesses move aggressively into the burgeoning Chinese market, they had better investigate the level of IT security in place among the local companies that could become their customers and business partners. Chinese companies, it turns out, are getting hit by more computer-system attacks than their U.S. counterparts--and they're less prepared for many of the threats coming their way.

of Chinese companies will spend more than $100,000 in 2005 on information security
For anyone who thinks computer-system security in the United States is worrisome, consider the plight of Chinese companies: They suffer more viruses, worms, denial-of-service attacks, and identity theft than U.S. companies. And they face the onslaught on limited budgets with fewer protections in place.

Those are the findings of InformationWeek Research's 2005 Global Information Security Survey, conducted online in September in conjunction with management consulting firm Accenture. We matched the responses of 700 business-technology and security professionals in China with those of 2,540 business IT and security pros who completed the survey in the United States to conduct our analysis. Bottom line: Chinese companies have a lot of catching up to do, and they know it.

Survey respondents in China are anxious about the situation. Nearly half (46%) believe their companies are more vulnerable to malicious code attacks and security breaches than a year ago. They cite the increasing sophistication of threats, the diversity of attacks, and sheer volume as top reasons for growing susceptibility. (For results of our U.S. Information Security Survey, see "The Threats Get Nastier," Aug. 29)

Improving security is a slow process, says CIO Gao of Shanghai Hengrong International Transportation.

Improving security is a slow process, says CIO Gao of Shanghai Hengrong International Transportation.

Photo by Kevin Lee/Getty Images
Many Chinese companies have yet to implement carefully crafted security procedures. Among respondents reporting that their companies have become more or equally vulnerable to threats in the past year, 49% blame their susceptibility on the lack of an information-security strategy, 42% point to outmoded IT architecture, and 26% report inadequate software-patching procedures.

Complexity (55%), user awareness (53%), and budget constraints (30%) are their biggest challenges. "We're trying to educate our employees about the importance of IT security, but without enough investment, things won't change much," says Gao Hongfei, CIO at Shanghai Hengrong International Transportation Co. The Shanghai logistics and transportation company implemented information-security rules two years ago to inform employees of behavior standards, but it hasn't conducted regular reviews of these regulations since, Gao says. "In the past year, we strengthened the internal management by network isolation, bandwidth control, access control, portal limitation, and access control between different departments," Gao says. "Those measures have had some good effects on our information security, but not [enough]."


of Chinese companies will spend $100,000 or less in 2005 on information security
The once tightly controlled Communist country has undergone a free-market revolution of sorts. China last year became the second-largest destination for foreign investment. In August, Yahoo Inc. handed over $1 billion and its China unit to get a 40% stake in, China's hot E-commerce company. In September, General Electric Co. said it's buying a 7% stake, worth about $100 million, in China's Shenzhen Development Bank Co., just days after its GE Healthcare unit unveiled a $37.5 million expansion of its Shanghai production facility. GE wants to reach $5 billion in sales in China this year.

Despite growing Western influence, communism has left its mark on the way businesses perceive their exposure to high-tech threats. "China has had fairly strict government control over Internet use, causing many companies to think they are insulated from the need to defend themselves from malware attacks," says John Pescatore, VP for Internet security at research company Gartner. "The lack of appropriate protection to business services, PCs, and Internet connections are making them ideal conduits for security threats."

'Be Aware'

Worst OffendersThe problems aren't insurmountable. "Chinese companies are becoming more mature in how they deal with issues like security," says Ed Kamins, CIO at Avnet Inc., the $13 billion distributor of electronic components and computers. "We shouldn't be concerned or alarmed. Instead, we need to be aware and prepared to deal with security issues. They will, in time, become what we consider more normal."

Based in Phoenix, Avnet began its expansion into China five years ago, and it has acquired several companies in the process. Today, operations in China and Hong Kong include three operating companies. Business in Asia exceeds $2 billion annually, with most of it coming from China.

Avnet's approach has been to consolidate the systems of acquired Chinese companies with Avnet's own systems to form a global network and uniform applications. Avnet consolidated ERP systems in Asia into an SAP system, while the company's global network lets it centrally manage and monitor security breaches as well as install patches. "We've had regular attempts by all known security threats," Kamins says. "Yet so far, we've experienced no substantial disruption to our business or data."

Like Avnet's acquired companies, Bax Global (China) Co. has been able to insulate itself from IT threats by adopting the security procedures of its parent company, Bax Global Inc., a $2.4 billion supply-chain and transportation-solutions company in Irvine, Calif. "As we are the China branch of the company, we follow the security policies made by our headquarters," says IT infrastructure manager Luke Hu, based in Shanghai. "We use a firewall to protect our internal network. Access control, VPN, and antivirus software are also widely deployed in the company. We also do regular reviews to check the security of our network with our security vendors." In the past year, Bax Global (China) has invested in network security-surveillance systems and updated its security software.

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
1 of 2
Comment  | 
Print  | 
More Insights
2021 State of ITOps and SecOps Report
2021 State of ITOps and SecOps Report
This new report from InformationWeek explores what we've learned over the past year, critical trends around ITOps and SecOps, and where leaders are focusing their time and efforts to support a growing digital economy. Download it today!
InformationWeek Is Getting an Upgrade!

Find out more about our plans to improve the look, functionality, and performance of the InformationWeek site in the coming months.

Remote Work Tops SF, NYC for Most High-Paying Job Openings
Jessica Davis, Senior Editor, Enterprise Apps,  7/20/2021
Blockchain Gets Real Across Industries
Lisa Morgan, Freelance Writer,  7/22/2021
Seeking a Competitive Edge vs. Chasing Savings in the Cloud
Joao-Pierre S. Ruth, Senior Writer,  7/19/2021
Register for InformationWeek Newsletters
Current Issue
Monitoring Critical Cloud Workloads Report
In this report, our experts will discuss how to advance your ability to monitor critical workloads as they move about the various cloud platforms in your company.
White Papers
Twitter Feed
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Sponsored Video
Flash Poll