Businesses are falling victim to destructive computer
viruses and hacking attacks because they wrongly assume that
firewalls are sufficient to protect their networks, the latest DTI
Information Security Breaches Survey has
revealed.
More than 33% of companies experienced hacking attempts on their
websites last year, and 4% said their systems had been penetrated
by hackers, the survey of 1,000 organisations found.
Yet more than 70% said they were satisfied with the security of
their systems and were confident that they could detect and prevent
security breaches.
"The mismatch between the level of confidence organisations have
and the number of incidents they are experiencing is worrying.
There is no evidence to show that confidence is justified," said
Andrew Beard, security consultant at PricewaterhouseCoopers.
Over the past two years the number of successful hacks reported by
businesses has doubled, with hacking attempts rising
disproportionately for small businesses, the survey found.
The cost of investigating and remedying the problem, rather than
loss of business or service disruption, topped the list of concerns
for most organisations.
Twenty five per cent of companies took between two and 10 days of
man-effort to repair their systems, and some took as many as 20 to
50 man-days.
Despite growing threats, the survey found that almost 50% of
companies rely on firewalls as their only form of defence.
Only 14% of all organisations and 32% of large organisations
scanned their networks for attacks and vulnerabilities. Just 8% of
all organisations and 25% of large companies did penetration
testing on their network gateways. Four per cent of businesses used
"war dialling", where users test for vulnerable data links by
checking their telephone extensions for unauthorised modems.
The survey found that almost 50% of firms hosted their websites
with external companies, but a significant proportion were unaware
what security defences their suppliers had put in place.
"Blind faith may be a little harsh, but there is an element where
people think it will be alright if they outsource. Their comfort
comes from outsourcing, not from what the outsourcer brings by way
of security," said Beard.
Full results of the survey will be released at Infosecurity Europe,
London, 27-29 April
www.infosec.co.uk