|
More
than half of UK businesses now provide
their staff with access to their information
systems over dial-up or the internet;
but companies are failing to take seriously
the corresponding rise in security breaches,
according to PricewaterhouseCoopers.
The firm led a consortium that conducted
research for the 2004 Department of
Trade and Industry's biennial Information
Security Breaches Survey.
Key
findings from the survey of some 1,000
companies include:
- All
sizes of UK business have significantly
increased their use of remote
access since 2002 when the DTI Survey
was last carried out; likewise a third
of companies now have wireless networks
compared to just 2% two years ago;
- Some
35% of businesses use Personal Digital
Assistants (PDAs),
57% in the case of large businesses;
- Wireless
networks are becoming a focal point
for external attack, with
8% of businesses that have them reporting
attempts at unauthorised access;
- Despite
the obvious threats, it is not always
the case that companies providing
remote access deploy additional security
controls - one quarter of businesses
rely on their normal network password
controls, despite the fact these are
often easy to 'crack';
- Large
businesses tend to deploy better controls;
twice as many had deployed a Virtual
Private Network (VPN), while three
times as many used two-factor authentication
or digital certificates;
- Similarly
with wireless networks, only one in
five of all companies used Wired Equivalent
Privacy (WEP) or other additional
encryption, while more than half of
wireless networks had no additional
security controls at all;
- Very
few organisations have woken up to
the risk posed by PDAs as indicated
by the fact that 58% of businesses
that use them have no security measures
in place to protect the business data
on them; large companies fare a little
better, but even then 38% have no
controls; and
- Those
controls that do exist are usually
on usage policies rather than technological
protection.
Andrew Beard, the PricewaterhouseCoopers
advisory director leading the survey,
said: "Businesses seem to be dragging
their feet when it comes to introducing
security controls over remote access
to their systems. There are several
reasons for this. First, many of those
who want remote access appear to be
the least aware of the additional risks
it entails and/or are senior people
in the organisation and have the power
to authorise it. Second, the majority
of companies do not analyse their security
incident in a way that enables them
to identify, which are caused by remote
access. Lastly, awareness of the available
security techniques is poor, leading
to inappropriate security controls being
deployed."
Results of the seventh, biennial survey
were published at the InfoSecurity Europe
exhibition and conference in London,
27th - 29th April.
Source: International Law
Firm, Masons OUT-LAW.COM
|
