The UK's largest companies are taking a piecemeal approach to IT
security, and the majority have little understanding of what is
meant by best practice in IT security, a survey of FTSE 500
companies has found.
Although most companies claim to be following best IT security
practice, closer questioning revealed that more than 40% are not
taking the basic steps necessary to safeguard their systems.
Fewer than 25% of the 148 firms questioned have heard of the BS7999
security standard for best practice, and only 10% of those that are
aware of the standard are seeking accreditation.
Despite this fact, 64% of companies already trading online believe
that poor security is hindering the growth of e-commerce, and 35%
say they are concerned about the public's lack of confidence in the
security of Internet trading.
The findings suggest that firms may be bypassing formal security
procedures in favour of technical quick fixes, such as installing
firewalls and virtual private networks.
"People are wasting their money on security. They are investing in
point security solutions when they should be stepping back from
day-to-day issues and taking a more structured approach," said
Martin Sutherland, head of security at consultancy Detica, which
commissioned the research.
Most organisations plan to improve their security within the next
two years. Of those surveyed, 73% said that publicity surrounding
high-profile security breaches has encouraged them to add more
protection to their systems and 80% think that e-commerce will
eventually become more secure.
Of the companies not yet conducting business over the Internet, 25%
said they would do so within the next six months, 43% within a year
and 29% within two years.
Most companies favour trading over the Web, with only a handful
conducting business through digital TV and Wap devices.