Organisations are ignoring threats from Wi-Fi, VoIP and USB storage devices, That's according to a survey by the National Computing Centre which found that 40 percent of British organisations had only partially secured their networks. Only 15 percent of respondents had implemented VoIP security.
Stefan Foster, MD of the NCC, said: “Running unsecured Wi-Fi is like locking the front door but leaving the windows open. Fraudsters are increasingly targeting IT systems and the growing use of Wi-Fi is attracting their attention both inside and outside of the office environment. Unsecure wireless is putting organisations and those who interact with them at unnecessary risk.”
Elsewhere, however, efforts to improve security are more visible, with the protection of data on laptop systems an area of considerable growth. Twenty percent of respondents said laptop security measures were in place, and a further 20 percnt reported it under development or planned.
But the proliferation of small, high capacity USB data devices has also introduced a new security liability into many organisations, and while nearly 75 percent of respondents recognised that this liability needed to be addressed only 11% said they had fully implemented controls on USB/data-writing devices on the desktop.
The survey also reveals that:
- Just over 60 percent of respondents reported employing some IT staff who are mainly or completely engaged in IT security activities, but the incidence of security experts correlates very strongly with the size of the IT function
– over half of those with fewer than 25 IT staff employed no security specialists.
- The median estimated level of expenditure on IT security was 3.3 percent of total IT spending (staff and capital costs).
- The highest proportion of security spending was reported by the education sector, but the highest per-capita IT spending levels were reported by the finance sector.
- There is rapidly growing interest in authentication procedures – 40 percent of respondents reported single sign on access control for end users, but it was under development or planned by nearly 30 percent.
The National Computing Centre’s Conference on Business Continuity is taking place on the 20 September in Manchester.