The National Computing Centre (NCC) in the UK has posted the results of a recent survey on external IT security threats. The data indicates areas that pose serious security threats, including lack of business support for IT Security.

The survey of 190 organizations found that most companies are addressing certain external IT security threats (viruses, spam, hackers), but not others. In particular, security of WiFi networks, VOIP, and USB devices needs to be addressed further.

Findings from the study:

  • 40% have partially secured, or completely insecured, wireless networks
  • 15% have VOIP security
  • 20% have laptop security implemented, another 20% have this in planning
  • 75% recognize the liability of USB/data devices, but only 11% have controls implemented
  • 25% say that formal security training is not relevant or considered
  • 40% indicate security training is fully or partially implemented
  • In companies with fewer than 25 IT employees, over half the companies have no IT Security specialist
  • The median security spend was 3.3% of the IT budget

The NCC sees wireless security, in particular, as a large threat that should be addressed quickly.

Stefan Foster, MD of NCC Ltd said, “Running unsecured WiFi is like locking the front door, but leaving the windows open. Fraudsters are increasingly targeting IT systems and the growing use of WiFi is attracting their attention both inside and outside of the office environment. Unsecure wireless is putting organisations and those who interact with them at unnecessary risk.”

I was particularly intrigued that respondents did not consider internal training as necessary, when 25% of UK IT crime is internal. Overall, the data seems to indicate that security is of low priority in terms of planning and of budget.

Via Computerworld UK Tags: , , , , ,

Share this post: These icons link to social bookmarking sites where readers can share and discover new web pages.
  • del.icio.us
  • Digg
  • StumbleUpon
  • Technorati