Businesses are focusing too much on external IT security
threats and are neglecting the internal threats posed by
technologies such asWi-Fi networks, voice over internet
technologies, such as voice over IP (VoIP), andUSB memory sticks, a survey has
found.
The National Computing Centre (NCC) Benchmark of IT Strategy
2007 which surveyed 190 UK businesses, revealed that 40% of
respondents have
only partially secured their wireless networks, or not secured
them at all, and only 15% of respondents have implemented VoIP
security.
Stefan Foster, managing director of NCC, said, "Running
unsecured Wi-Fi is like locking the front door, but leaving the
windows open. Fraudsters are increasingly targeting IT systems, and
the growing use of Wi-Fi is attracting their attention both inside
and outside of the office environment. Unsecure wireless is putting
organisations and those who interact with them at unnecessary
risk."
The proliferation of small, high capacity
USB data devices has also introduced a new security hole into many
organisations. Nearly 75% of respondents recognise that this
liability will need to be addressed, but only 11% have fully
implemented controls on USB and data-writing devices on the
desktop.
A
security flaw in Sony's range of USB memory sticks was reported
this week, which could leave PCs vulnerable to hackers.
"Much IT related crime comes from within the organisation so it
is alarming that 25% of respondents indicated that formal security
training for end-users was "not relevant" or "not considered" and
only 40% indicated end users security training was fully or
partially implemented," said Foster.