Infosec 08: Breaches caused by employees breaking trust
By Asavin Wattanajantra
UK businesses are finally starting to implement sensible security policies, but major work needs to be done on employee and management awareness, according to the Information Security Breaches Survey, released at Infosec 2008 by the Department for Business, Enterprise & Regulatory Reform.
Figures showed that the vast majority of businesses (79 per cent) thought that they had a clear understanding of the problems that they faced.
However, doubts were raised about whether they fully comprehended the scale of the problems that they were facing, with only 55 per cent reporting they have a security policy and 56 per cent having any procedure in place to log and respond to incidents.
"There is a great chunk of cynicism in me. I'm delighted by that figure (of 79 per cent of businesses understanding the problem), but I'm wondering, having asked that question, whether management really understands the severity of the situation," said Martin Smith, chief executive of training security provider The Security Company, commenting at Infosec on the findings.
"It's one thing to say that you understand the risks of smoking, it's quite another thing to give it up," he added as an analogy.
Smith claimed that the difficulty now in security was that although security awareness was there, trust was now being given to staff in the forms of remote access, remote working, internet access and instant messenger access.
"It's all good stuff for businesses, but of course this increases the profile of the risk enormously," said Smith. "It also indicates that any breaches from now on are not of security, but of trust."
"There is a world of difference between breaching security, where you have countermeasures in place, and breaching the trust that management are placing in their staff," he added.
Smith said this was shown by the fact that many of the incidents that happened at the end of last year were to do with data loss where security failures were due to simple mistakes, usually involving employees.
"Simple, simple mistakes resulting in breaches of security which many of the simple techniques that we use can't possibly hope to defend against," Smith said.
"But you can see they are increasing all the time, and that is apparent in the headlines, and is becoming apparent to business managers all the time."
The chief executive said that although many businesses had got the technical controls sorted out, now they needed to address the human element and raise awareness.