Security breaches down - but at what price?

It's not all good news...

By Colin Barker, 23 April 2008 11:16

A government-sponsored security survey reports that while the number of security breaches has dropped considerably in the past two years, the drop has come at a price.

The latest Information Security Breaches Survey, published yesterday to coincide with the first day of the Infosecurity Europe conference, reveals that IT managers and board-level executives are trying to keep their organisations secure, with some success. According to the survey, the number of security breaches has fallen by a third in the past two years.

However, the survey also reports that, overall, the average spend on security defences by companies and organisations has almost tripled over the past six years.

Despite the relatively good news, the report warns companies and organisations are still leaving themselves open to attack. According to the report, four-fifths of companies that have had a computer or laptop stolen did not have the data on the computer encrypted. In addition, two-thirds of companies allow employees to remove data on unsecured USB sticks.

According to Chris Potter, a partner in PricewaterhouseCoopers and a survey team leader, "there are still two fundamental contradictions" exposed by the report. He said: "Some 79 per cent of businesses believe they have a clear understanding of the security risks they face but only 48 per cent formally assess those risks. Also, 80 per cent are confident that they have caught all significant security breaches but only 56 per cent have procedures to log and respond to incidents."

According to the report, "over the last six years the security landscape has changed dramatically". The survey details many of the improvements in security made by companies across the UK, including the following statistics:

  • Ninety-eight per cent of companies now have software to scan for spyware
  • Ninety-four per cent of wireless networks are now encrypted (versus 47 per cent in 2002)
  • Fifty-five per cent have a document security policy (versus 27 per cent in 2002)
  • Fourteen per cent use strong (that is, multi-factor) security authentication

On the other hand, to pay for this relative success in spreading awareness, expenditure on information security has risen from two per cent to seven per cent of IT budget since 2002, according to the survey.

The survey is produced by a consortium led by PricewaterhouseCoopers and the Department of Business, Enterprise and Regulatory Reform, and is carried out every two years.

Survey sponsors claim it is independent, yet it is financed by major IT and security vendors such as Symantec and HP, who sell software to the security market.

However, PricewaterhouseCoopers's Potter rejected any suggestion that the involvement of security vendors made the report less independent.

Potter told silicon.com sister site ZDNet.co.uk: "We are looking at every aspect of the report all the time to ensure that it is accurate and independent. Also, there is a long list of independent organisations who have checked out the survey and given us their comments on what is said."

Organisations that have reviewed the survey include the government parliamentary body, Eurim; the Jericho Forum; the National Computing Centre; the Information Security Awareness Forum; and the government campaign, GetSafeOnline.

Potter said: "These organisations would not lend their name to it unless they were happy that it showed a true and independent picture."

Comments

There are 3 comments.

  1. Karen Challinor

    Who needs to break in and steal data when it gets left in public places for anyone to pick up?

  2. Radical Meldrew

    I find this astonishing, especially considering the recent volumes of reported security lapses made by both private and public bodies.

    Oh, hold on, this is not just an ordinary survey - this is a government survey. They no doubt used a government-friendly demographic to get this result?

  3. Chris Goodman

    So much is endemic to "non thinking" people, both in management and at user level. Security of data - and equipment - very rapidly becomes a background matter, secondary to the individual's activities, and only comes to the fore at occasional pertinent moments. How often has one seen a computer unattended with on-screen data showing or a laptop left working on a desk while the operator collects a drink? And the oft-reported laptop losses from cars, taxis, etc. where the responsible person has left to "do something else".
    I dread to think how many unreported losses of flash drives there are and, by their nature, how much very recent data has been lost. The loss of a flash drive or a small USB pocket hard drive is easily covered as replacements are so cheap and anonymous.
