Nearly all UK companies still have work to do to
implement all the safeguards necessary to manage and control access
for users to their systems and reduce the risk of crimes such as
electronic identity theft.
Just 1% of companies have all the pieces of the identity and
access management jigsaw, according to findings from the 2006
Department of Trade and Industry's biennial Information Security
Breaches Survey.
The survey showed, however, that where organisations did have
the requisite identity and access management safeguards in place,
none reported a single identity-related security incident.
Key findings from the survey of 1,000 companies include:
Compliance with laws and regulations has become the key driver
(90%) for managing and controlling systems access, taking over from
reducing the cost of user access management and enabling new
internet-enabled business ventures.
More businesses than ever are using strong authentication
techniques, such as hardware tokens or digital certificates. But
single factor authentication continues to prevail, with 80% of
companies still relying on passwords alone.
Businesses using stronger forms of authentication, such as
biometrics, had fewer security incidents than those using software
tokens and certificates alone.
Nearly a fifth of large businesses reported staff gaining
unauthorised access to data, while 6% suffered impersonation or
phishing attacks.
The full results of the survey will be launched at the
Infosecurity Europe event in London on 25-27 April. Given the level
and sophistication of current threats, it is likely to make for
uncomfortable reading.