Infosec 2010: The cloud and social networks leave UK businesses exposed to cybercrime

Information Security Breaches Survey shows security threats on the rise

Cloud computing and increased use of social networking sites pose a security risk to UK organisations

UK businesses and private sector organisations are vulnerable to new cyber attacks as they evolve in their use of new technology, according to a report by PricewaterhouseCoopers (PwC).

PWC will release the results in full at Infosec 2010 next week.

The company claims that hacking and denial of service attacks have doubled in the past two years and, as a result, IT security should be high on management’s list of priorities.

The company recently conducted its 2010 Information Security Breaches Survey, commissioned by event organiser Infosecurity Europe.

The results show that the rate of adoption of new technologies has accelerated over the past two years, with most respondents saying that they now use wireless networking, remote access and VoIP.

About 85 per cent of small organisations are now using wireless networking, almost double the figure from 2008, and 90 per cent of large businesses now give staff remote access to their systems.

During the economic downturn of 2008/09, CIOs looked to cloud computing to cut costs, according the report.

Cloud services are now used by more than three quarters of the organisations polled. Of these, 44 per cent said they were entrusting critical services to third parties. However, the government has been the least likely to relinquish control of critical services.

Alongside the rise in cloud computing, there has been an upturn in cyber attacks, with 61 per cent of large organisations having detected a significant attempt to break into their network in the past year, twice as many firms as two years ago.

Some 15 per cent of large organisations have detected actual penetration by an unauthorised outsider into their network in the past year, with 25 per cent of large organisations suffering a denial of service attack in the past year.

Chris Potter, partner, OneSecurity at PricewaterhouseCoopers LLP, said:

“Worryingly, only 17 per cent of those with highly confidential data at external providers ensure that it is encrypted. Virtualisation and cloud computing seem to be set to follow the trend, established over the past decade, of controls lagging behind adoption of new technologies.

"Given the increased criticality and confidentiality of information held on virtual storage, organisations need to respond quickly to close this control gap.”

The company added that staff using social networking sites also pose a new data leakage risk and organisations are reassessing their approach to controlling access to the web for their staff."

Use of software to block access to inappropriate web sites is slightly higher than two years ago. Nearly half of large organisations now restrict which staff can access the internet; less than a third did so in 2008.