10 Mar 2004
Security breaches resulting from identity management flaws are rising and creating huge problems for businesses, research shows.
Identity management breaches affected one in 10 large companies last year, and half of them said it was their worst security problem of the year, according to the Department of Trade and Industry's biennial Information Security Breaches Survey 2004.
Further reading
The identity management part of the survey, sponsored by Entrust, found that confidentiality breaches tended to cause long term disruption to businesses, with 15 per cent of those that had been hot, reporting problems that lasted a month or longer.
'If you compare the problem of identity management to viruses, it's not growing as fast so the number of organisations that have had a major breach resulting from identity management is not as large,' said Chris Potter, the PricewaterhouseCoopers partner leading the survey.
'However, the large sting in the tail is that when people suffer financial fraud, theft or disclosure of confidential information, these breaches tend to be very, very significant to their business,' he said.
Confidentiality breaches resulted in the largest amount of staff time required to remedy the problem, at 10 to 20 man days. They also resulted in the largest monetary loss with 15 per cent costing £100,000 in legal fees, investigation costs and fines.
The survey found that companies are at least in part bringing the problem on themselves.
Some 87 per cent of respondents admitted to relying solely on user ID and passwords to identify users, while 7 per cent confessed to having no protection at all.
'Passwords are overwhelmingly the way people authenticate,' Potter said. 'There are really only early adopters using that have moved to strong authentication, and they tend to be in larger organisations.'
In addition, companies are being too lax when to comes to allowing staff to share passwords, and are not adding new staff fast enough to systems when they join, or perhaps more dangerous, removing access when they leave.
The research found that just two per cent of companies use biometrics to authenticate users, which is considered to be very strong authentication.
Contrary to popular belief, the majority of these identity breaches are not coming from inside internal sources.
According to Potter, 80 per cent of attacks are now being generated from external sources.
Have your say on this article
Newsletters
Latest stories from Hacking
Latest videos
You may also like
Hacking jobs
Do you think the G-Cloud will be a success?
Rubbish in... rubbish enterprise. Why proper data management is so important (video, 6 min)
This Forrester report compares the costs and benefits of legacy email and productivity software with Google Apps
Upcoming Events
Join us to meet other professionals tackling this issue, and hear from Goy Roper, interim head of ICT of Norfolk County Council how his organisation deployed a flexible and intelligent network to cope with the challenge
Date: 07 Mar 2012
Time: 9am
The implementation of robust, relevant digital strategies is more crucial than ever to the success of insurance businesses
Date: 01 Mar 2012
Time: 09:00am
Receive the latest jobs direct to your inbox
Are you being paid what you are worth?
