Firms failing to address key security threats, says NCC

Virtually all organisations are now addressing external IT security threats through measures such as virus detection, spam blocking and firewalls, but the threat posed by Wi-Fi networks, Voice over IP technologies (VoIP) and USB storage devices is still to be addressed by many, according to a survey by the National Computing Centre.

Share

Virtually all organisations are now addressing external IT security threats through measures such as virus detection, spam blocking and firewalls, but the threat posed by Wi-Fi networks, Voice over IP technologies (VoIP) and USB storage devices is still to be addressed by many, according to a survey by the National Computing Centre.

The NCC’s Benchmark of IT Strategy 2007 survey of practices in end-user organisations found that 40% of respondents have only partially secured their wireless networks, or not secured them at all, while just 15% of respondents have implemented VoIP security.

Stefan Foster, MD of the NCC, said: “Running unsecured Wi-Fi is like locking the front door but leaving the windows open. Fraudsters are increasingly targeting IT systems and the growing use of Wi-Fi is attracting their attention both inside and outside of the office environment. Unsecure wireless is putting organisations and those who interact with them at unnecessary risk.”

Elsewhere, however, efforts to improve security are more visible, with the protection of data on laptop systems an area of considerable growth. Twenty percent of respondents said laptop security measures were in place, and a further 20% reported it under development or planned.

But the proliferation of small, high capacity USB data devices has also introduced a new security liability into many organisations, and while nearly 75% of respondents recognised that this liability needed to be addressed only 11% said they had fully implemented controls on USB/data-writing devices on the desktop.

The survey also reveals that:

- Just over 60% of respondents reported employing some IT staff who are mainly or completely engaged in IT security activities, but the incidence of security experts correlates very strongly with the size of the IT function

– over half of those with fewer than 25 IT staff employed no security specialists.

- The median estimated level of expenditure on IT security was 3.3% of total IT spending (staff and capital costs).

- The highest proportion of security spending was reported by the education sector, but the highest per-capita IT spending levels were reported by the finance sector.

- There is rapidly growing interest in authentication procedures – 40% of respondents reported single sign on access control for end users, but it was under development or planned by nearly 30%.

The National Computing Centre’s Conference on Business Continuity is taking place on the 20 September in Manchester.


Find your next job with computerworld UK jobs