U.K. companies are ignoring security in their rush to adopt cloud computing, while many of them are now restricting employee Internet usage, according to a new snapshot of the Information Security Breaches Survey (ISBS) 2010 in the U.K.
The findings are among the preliminary results from ISBS 2010, which is produced every two years by PricewaterhouseCoopers LLP and which has become the most comprehensive survey of security trends in the U.K. during the last two decades.
The full ISBS 2010 findings will be published on April 28, but some highlights have already been released:
- A majority (85%) of smaller organisations now use wireless networking, a figure that has almost doubled since ISBS 2008. The number of organisations allowing staff to have remote access to their systems has also increased, with 90% of large companies now doing this, up from 54% in 2008.
- Software as a Service (SaaS) and cloud computing are now used by more than three-quarters of organisations polled, and of those, 44% entrust critical services to third parties. All sectors are making use of the services, but government is least likely to release control of critical services.
- When it comes to large organisations, 61% have detected a significant attempt to break into their networks in the past year, twice as many as two years ago.
- A more modest number of large organisations (15%) have detected actual penetration by an unauthorised outsider into their network in the last year.
- One quarter of large organisations have suffered a denial-of-service attack in the last year, more than double the proportion in 2008.
- Only 17% of those with highly confidential data at external providers ensure that it is encrypted.
- ISO 27001 is becoming a common standard for compliance; 40% of large organisations are being asked to demonstrate compliance with the standard.
- Nearly half of large organisations now restrict which staff can access the Internet; less than a third did so in 2008.
ISBS 2010 will be the tenth such report and is based on interviews with more than 1,000 businesses chosen to represent a wide spectrum of the security industry.