Businesses are focusing too much on external IT security threats and are neglecting the internal threats posed by technologies such as Wi-Fi networks, voice over internet technologies, such as voice over IP (VoIP), and USB memory sticks, a survey has found.
The National Computing Centre (NCC) Benchmark of IT Strategy 2007 which surveyed 190 UK businesses, revealed that 40% of respondents have only partially secured their wireless networks, or not secured them at all, and only 15% of respondents have implemented VoIP security.
Stefan Foster, managing director of NCC, said, "Running unsecured Wi-Fi is like locking the front door, but leaving the windows open. Fraudsters are increasingly targeting IT systems, and the growing use of Wi-Fi is attracting their attention both inside and outside of the office environment. Unsecure wireless is putting organisations and those who interact with them at unnecessary risk."
The proliferation of small, high capacity USB data devices has also introduced a new security hole into many organisations. Nearly 75% of respondents recognise that this liability will need to be addressed, but only 11% have fully implemented controls on USB and data-writing devices on the desktop.
A security flaw in Sony's range of USB memory sticks was reported this week, which could leave PCs vulnerable to hackers.
"Much IT related crime comes from within the organisation so it is alarming that 25% of respondents indicated that formal security training for end-users was "not relevant" or "not considered" and only 40% indicated end users security training was fully or partially implemented," said Foster.