Blame employees for your security cock-ups
By Davey Winder in Editorial
Posted in Data Protection, Blog, Security, Internet on
That, at least, appears to be amongst the early findings of the 2008 Information Security Breaches Survey from the Department for Business, Enterprise and Regulatory Reform. Although the full report is not scheduled to be published until the week of the Infosecurity Europe show in London starting April 22nd, some early titbits are leaking out. Such as the fact that employee behaviour is key to improving information security.
The survey reveals, if that is not too strong a word under the circumstances, that companies are placing greater trust in their staff. 54% allow staff to access their systems remotely (up from 36% in 2006) while the proportion of businesses restricting Internet access to some staff only has nearly halved (from 42% to 24%), and only 9% give no staff access to the Internet.
Yet, at the same time, the survey also shows that staff are increasingly targeted by social engineering attacks and businesses are becoming increasingly concerned about staff behaviour on social networking sites when it comes to what is being said about them online. Hardly surprising when some staff have been posting confidential information on these sites under some kind of weird misapprehension that they are talking to a bunch of mates down the boozer.
So what is the corporate response? According to the report it is a hardening of technical controls:
Use of strong authentication has nearly doubled since 2006. 14% of small businesses and 53% of large companies now use strong authentication for some of their systems. Two-thirds of companies that allow staff to access their systems remotely require additional authentication over that access. Virtual Private Network (VPN) use is almost universal among very large businesses for remote access. 81% of large companies block access to inappropriate websites and 86% log and monitor staff access to the Internet.
Most encouragingly I guess, companies are making staff aware of usage and security policies and then monitoring behaviour. The proportion of companies that have an information security policy has quadrupled over the last eight years. Large businesses remain more likely to have a security policy; seven out of eight do so, and some of the 12% that do not have a security policy per se have an integrated overall set of business policies that include information security. Some 68% of companies surveyed that give a high or very high priority to security have a security policy (up from 55% in 2006 when the last ISBS was conducted) compared with 64% of those that treat security as low or no priority (up massively from 13% in 2006).

