Twenty per cent of the UK's largest companies suffered
security breaches during the past year because of poor user
authentication practices and an over-reliance on passwords to
secure corporate IT systems, the Department of Trade &
Industry's latest Information Security Breaches survey has
revealed.
Theft of data from corporate systems caused severe disruption for
many businesses, tying up staff for an average of 10 to 20
man-days, and costing companies up to £100,000 to investigate each
incident.
The survey of 1,000 organisations revealed that many are placing
themselves at risk by moving to single-sign on systems, without
stepping up the security of their log-in systems. These companies
are more likely to report a security breach, the research
found.
"Single sign-on has many benefits, but if you are going to put all
your eggs in one basket, you have to make sure it is a strong
basket," said Chris Potter, partner at
PriceWaterhouseCoopers.
The survey showed that 87% of companies rely on user ID and
passwords alone to secure their systems and 7% have no access
control at all. Only 6% of companies, and 25% of large businesses,
use tokens, smartcards and biometric log-ins. Large firms have
reaped the benefit of these technologies, with just over 3% of
users suffering unauthorised accesses to their systems, compared
with 20% of companies that rely on passwords alone.
The research suggested that companies could improve security by
automating procedures for allocating staff access rights.
Full results of the survey will be released at Infosecurity Europe,
London, 27-29 April
www.infosec.co.uk