Companies are failing to encrypt sensitive financial
data about their customers, despite a rise in the number of
attempted hacking attacks against financial websites.
The Department of Trade & Industry's Information Security
Breaches Survey 2006 has revealed that less than 66% of firms doing
business online encrypt sensitive financial data they receive about
their customers.
The findings come as the number of reported attacks against
networks is rising, with more than 25% of businesses reporting at
least one significant attempt to break into their networks a
day.
"What is worrying is that with more transactions being conducted
over the internet, people are still dependent on perimeter
security," said Andy Beard, director at PricewaterhouseCoopers,
which managed the survey on behalf of the DTI.
Protecting customer information was one of the biggest drivers
for security spending for 90% of firms surveyed. Only 60% said
their security spending was driven by enabling business
opportunities.
Despite this, 10% of firms with a website lack a firewall, and
33% have not deployed intrusion detection software, placing
themselves and their customers potentially at risk.
The survey revealed that network security attacks were
responsible for 7% of the worst security incidents during 2005.
Sixty per cent of the attacks resulted in lost internet
connectivity, 25% caused more than a day's disruption, and 10% led
to customer complaints.
Unsecured wireless networks represent a significant threat to
businesses, with 20% of firms having no security controls on their
wireless networks.
On the positive side, all the companies surveyed said they
protected financial websites with firewalls, and the proportion of
firms using intrusion detection software has risen from 25% in 2004
to 66% in 2005.
Companies remain cautious about public wireless hotspots, with
only 12% allowing staff to use them to access work systems. Of
those that do, 60% encrypt transmissions.
l The full results of the survey will be launched at
InfoSecurity Europe in London on 25 to 27 April