Skip to content

Management

Technology

Toolbox

Training

Books

White Papers

Webcast

Resource Centre


ComputerworldUK CommunIT

Want to join the UK’s fastest growing dedicated IT community? Enter here to browse the UK’s top usergroups, societies and associations.

Cybercrime & Hacking management > security > news

September 04, 2007

Firms failing to address key security threats, says NCC

Wi-Fi, VoIP and USB devices still getting beneath the radar....

By Computerworld UK reporter

Virtually all organisations are now addressing external IT security threats through measures such as virus detection, spam blocking and firewalls, but the threat posed by Wi-Fi networks, Voice over IP technologies (VoIP) and USB storage devices is still to be addressed by many, according to a survey by the National Computing Centre.

Advert

The NCC’s Benchmark of IT Strategy 2007 survey of practices in end-user organisations found that 40% of respondents have only partially secured their wireless networks, or not secured them at all, while just 15% of respondents have implemented VoIP security.

Stefan Foster, MD of the NCC, said: “Running unsecured Wi-Fi is like locking the front door but leaving the windows open. Fraudsters are increasingly targeting IT systems and the growing use of Wi-Fi is attracting their attention both inside and outside of the office environment. Unsecure wireless is putting organisations and those who interact with them at unnecessary risk.”

Elsewhere, however, efforts to improve security are more visible, with the protection of data on laptop systems an area of considerable growth. Twenty percent of respondents said laptop security measures were in place, and a further 20% reported it under development or planned.

But the proliferation of small, high capacity USB data devices has also introduced a new security liability into many organisations, and while nearly 75% of respondents recognised that this liability needed to be addressed only 11% said they had fully implemented controls on USB/data-writing devices on the desktop.

The survey also reveals that:

- Just over 60% of respondents reported employing some IT staff who are mainly or completely engaged in IT security activities, but the incidence of security experts correlates very strongly with the size of the IT function

– over half of those with fewer than 25 IT staff employed no security specialists.

- The median estimated level of expenditure on IT security was 3.3% of total IT spending (staff and capital costs).

- The highest proportion of security spending was reported by the education sector, but the highest per-capita IT spending levels were reported by the finance sector.

- There is rapidly growing interest in authentication procedures – 40% of respondents reported single sign on access control for end users, but it was under development or planned by nearly 30%.

The National Computing Centre’s Conference on Business Continuity is taking place on the 20 September in Manchester.


Follow highlights from ComputerworldUK on Twitter
Sign up for our Daily Newsletter
The UK IT News widget Get it for your site!

« prev article | more security news | next article »

Advert

close

Email this article to a friend or colleague:




PLEASE NOTE: Your name is used only to let the recipient know who sent the story, and in case of transmission error. Both your name and the recipient's name and address will not be used for any other purpose.

close
  • This article is now being printed.
close

What are your views on this subject? Use the form below to post a comment on this article up to 1000 characters.


Characters remaining:

close

Click below to add 'Firms failing to address key security threats, says NCC - Cybercrime & Hacking - ComputerworldUK' to your blog.



If you do not have a ComputerworldUK Account and would like to use this feature, please Register.

If you are a registered, logged-in user, this will post the title and first paragraph of this story to your blog to share with your readers.

What is this?

Advert

WHITE PAPERS

  • Legal risks: Employee use of the internet and email
    Exploring the challenges facing IT Mangers today and vital steps to ensure safe internet an email use by employees.
  • Phishing for victims
    This White Paper examines the phenomenon of phishing. It explains the potentially catastrophic threat it presents to all kinds of organisation. Exploding some widespread myths, it lights up the murky waters where phishing first emerged and where it continues to evolve. But it also highlights what your business can do to blunt the threat.
  • Challenges and opportunities of PCI
    The control framework implicit in the Payment Card Industry Data Security Standard (PCI DSS) provides an enterprise structure for improving operational, security, and audit performance.
  • Social CRM comes of age
    Who is this “social customer”? What strategies and tools does the new breed of CRM provide to do something about this?
  • Risk Management: Protect and Maximize Stakeholder Value
    What has held organisations back from a broader adoption of risk management programs?
*