UK businesses failing in e-crime protection

DTI survey shows increased corporate investment but lack of adequate security

Just one per cent of UK companies are taking all the necessary measures to prevent computer crimes within their organisation, according to a government IT security survey released today.

The Department of Trade and Industry’s (DTI) biennial Information Security Breaches Survey for 2006 shows that, despite increased investment, most companies lack sufficient identity and access management systems to guard against internal fraud and intellectual property theft.

Among large companies there was a small increase in security incidents, with insufficient identity and access management providing employees at one in five of these firms with unauthorised access to sensitive information.

‘Uptake in identity management is still fairly piecemeal, and even the adoption of single pieces isn’t good enough,’ said Andrew Beard, director at PricewaterhouseCoopers, which conducted the survey on behalf of the DTI.

As well as financial loss, unauthorised access to customer databases and intellectual property can damage a company’s reputation and even its share prices, says the report.

Part of the problem is that 80 per cent of businesses rely solely on passwords rather than adopting stronger forms of identity, such as tokens or biometrics, to secure business-critical applications and databases.

In large firms 70 per cent of employees have to remember between two and six passwords to access systems, which can lead to some staff writing them down.

‘It is worrying that firms are using just passwords. We know how crackable passwords are and how easy it is to get people to give them out through social engineering tactics, yet firms still rely on them,’ said Beard.

But Andrew Yeomans, vice president of information security at Dresdner Kleinwort Wasserstein, says identity and access management depend as much on business processes as on IT.

‘Companies need to make appropriate risk-based judgements, and must remember that convenience and the usability of systems is part of that.’