UK businesses failing in e-crime protection

DTI survey shows increased corporate investment but lack of adequate security

Written by Daniel Thomas

Computing, 15 Mar 2006

Just one per cent of UK companies are taking all the necessary measures to prevent computer crimes within their organisation, according to a government IT security survey released today.

The Department of Trade and Industry’s (DTI) biennial Information Security Breaches Survey for 2006 shows that, despite increased investment, most companies lack sufficient identity and access management systems to guard against internal fraud and intellectual property theft.

Among large companies there was a small increase in security incidents, with insufficient identity and access management providing employees at one in five of these firms with unauthorised access to sensitive information.

‘Uptake in identity management is still fairly piecemeal, and even the adoption of single pieces isn’t good enough,’ said Andrew Beard, director at PricewaterhouseCoopers, which conducted the survey on behalf of the DTI.

As well as financial loss, unauthorised access to customer databases and intellectual property can damage a company’s reputation and even its share prices, says the report.

Part of the problem is that 80 per cent of businesses rely solely on passwords rather than adopting stronger forms of identity, such as tokens or biometrics, to secure business-critical applications and databases.

In large firms 70 per cent of employees have to remember between two and six passwords to access systems, which can lead to some staff writing them down.

‘It is worrying that firms are using just passwords. We know how crackable passwords are and how easy it is to get people to give them out through social engineering tactics, yet firms still rely on them,’ said Beard.

But Andrew Yeomans, vice president of information security at Dresdner Kleinwort Wasserstein, says identity and access management depend as much on business processes as on IT.

‘Companies need to make appropriate risk-based judgements, and must remember that convenience and the usability of systems is part of that.’

The full report will be released at InfoSecurity Europe in London in April.

What do you think? Email us at: mailto:feedback@computing.co.uk

  • Have your say
  • Send to a friend
  • Print this
  • Share

Tags:

reader comments

related articles

 
Communications

Infosec 2009: Better incentives required to stop data loss

Panel discussion highlights confusion, laxity and a lack of co-ordination 29 Apr 2009

Management

Two-thirds of organisations hit by data breach in last year

Public sector and financial services the biggest culprits 08 Jul 2009

Security

Recession prompts shift in cybercrime tactics

Stricter credit checks lead to more instances of hijacked accounts 24 Sep 2009

related whitepapers

today's top stories

Internet

Face facts: social media is the future

No organisation can afford to ignore the way business communications are changing 18 Mar 2010

Security

Is the data watchdog about to pounce?

Experts believe the Information Commissioner’s Office is itching to use its new power to impose hefty fines for data breaches. Martin Courtney reports 18 Mar 2010

Management

Lloyd’s of London gears up for regulation

CIO Peter Hambling tells Angelica Mari about how the insurance market has updated its IT infrastructure to comply with new regulations 18 Mar 2010

Communications

Protests greet new Digital Economy Bill amendment

ISPs, digital rights groups and Liberal Democrat supporters cry foul 05 Mar 2010

Management

IT Leaders' Forum in association with IBM

A unique opportunity to hear from expert speakers and engage in a debate about the future of the CIO job function 29 Jan 2010

> More news

Advertisement

Subscribe

Keys to successful Serviceā€Oriented Architecture implementation

This white paper explores best practices and general design patterns for service oriented architecture (SOA).

The Roadmap to IT Maturity — Matching Strategy to Infrastructure for Business Success

This paper defines a roadmap for matching infrastructure strategy to business success.

Advertisement

Keep up to date with the latest products, services and technologies from the world's leading IT companies; ITHound.com brings you over 6,000 white papers, case studies and analyst reports.

Advertisement

Newsletter signup

Sign up for our range of FREE newsletters:

More available - click 'submit' to view

Existing User

Newsletter user login:

Jobs

Related jobs

Job of the week

> More IT vacancies

Job alerts

  • Latest jobs to your inbox
Sign up here

Find your next job

IT Salary Checker

  • Are you being paid what you are worth?
Check salary here

Advertisement

Latest poll

NHS centralised data

NHS centralised data

Do you think the NHS can be trusted to safely look after personal data electronically?

View poll results

> More polls

Latest audio and video articles

Video

HP unveils S Series notebooks

'Prosumer' line overhauled 01 Mar 2010

Web Seminar Listings

Preparing for enterprise-scale Windows 7 migration

The web seminar on 18 Feb will discuss how Windows 7 migration can increase IT efficiency in large enterprises, freeing up budgetary and personnel resources to focus on business innovation. Our panel of experts will examine the strategies, tools and services IT leaders can use to migrate successfully and reap the rewards of increased efficiency. 19 Feb 2010

> More audio and video

Latest in-depth articles

Smiths Group CIO Brian JonesAnalysis

Q&A: Brian Jones, CIO, Smiths Group

How should conglomerates be looking at the new IT technologies coming through? Brian Jones explains. 19 Mar 2010

Analysis

What security strategy should enterprises adopt after the recession?

Act now to put your your firm on higher growth path advise CISOs 19 Mar 2010

> More in depth articles

Primary Navigation