The study, which sought the views of more than 1,200 IT directors and security professionals, found that five per cent of businesses in the UK have no security measures in place at all to protect their corporate communications. Worryingly, 17 percent of those security professionals questioned were unsure as to how much of their organisation’s network traffic was encrypted.
There is also increasing evidence that the overall levels of network protection are dropping. More than a third (34 percent) of businesses were found to encrypt between one and 25 per cent of their data. However, last year only 26 percent of organisations admitted such low security measures.
“The level of encryption required will obviously vary from organisation to organisation, but companies should be looking to encrypt as much network traffic as possible, if not all of it,” said Gary Clark, VP EMEA, SafeNet. “However, I am concerned to see that the number of organisations implementing security measures and encryption policies has decreased over the past 12 months.”
The study also found that organisations are failing to implement any additional security measures for remote worker access. Almost two-thirds (61 per cent) of companies still use traditional passwords, just under a quarter (23 percent) use tokens or smartcards and only three per cent use biometrics.
Only a quarter (26 percent) of IT security professionals believe their corporate network is very secure from internal and external threats, despite that figure rising by seven per cent since last year’s study. More than a third (67 percent) of those people surveyed believe that their company IT systems were quite secure. And seven per cent of those questioned said that they think their company network is not at all secure.
“With the increase in mobile and remote working, mission-critical data is flowing freely both inside and outside the firewall so cyber-criminals have more opportunity – as well as the resources – to access and take advantage of sensitive data,” Clark added. “But this does not have to be the case if the appropriate security strategy and technology are introduced.”
Study: UK companies failing to protect critical data
By Fiona Raisbeck on Aug 27, 2007 1:39PM