Despite available budgets, UK organisations are vulnerable to cyber attack due to a lack of skills and access to the latest IT security. This is despite the fact that many predict an increase in attacks driven by increased employee use of smartphones and tablets. This is according to research by Cyber Security EXPO (the show at Excel, London, on October8 and 9, 2014) and done by Redshift Research.
The survey of 300 UK IT directors and managers identified the perceived challenges to effective security, gauged reactions to recent high profile attacks and examined attitudes to improving identification and authentication within organisations.
While only 9pc of respondents cited lack of budget as the most significant challenge, 37pc of respondents were most concerned about a shortage of security technology. Almost a quarter (23pc) claimed the biggest challenge was the shortage of well qualified people.
This was despite the fact that 38pc of respondents predicted an increase in vulnerabilities driven directly from users 24/7 use of smartphones and tablets. This was particularly prevalent within the banking sector (47pc), public sector (42pc), utilities (50pc) and telco (53pc) sectors. This would appear to be having an impact on how UK organisations can respond to attacks. When asked if recent claims from Russian hackers that they have amassed 1.2 billion user ID-password combinations had prompted any action (for example had they warned users /customers, imposed password changes, adjusted IDS and alert escalation policy), near half, 47pc of respondents said no action had been taken.
Worst offenders included technology companies (43pc of whom took no action), transport (64pc) and 63pc of public sector respondents. Utility, engineering and banking and finance sectors performed better here with 80pc, 69pc and 60pc respectively claiming to have taken action.
When asked about what they would ideally implement to most improve identification and authentication in their organisation, two factor authentication proved a preference with 48pc claiming this would have the biggest impact. Biometrics came in at 31pc, with single sign on coming in at 19pc%. More than half, 55pc of those asked would also immediately ban the use of USBs, with 18pc claiming that they already do. The most anti-USB sectors appear to be banking and finance (33pc), followed by local authorities (36pc) who claim they already have a complete ban on USB devices.
Comment
Dan Sloshberg, Director of Product Marketing, Mimecast, said of the research: “A constant battle of cat and mouse between vendors, their customers and attackers, the sheer rate of change in the security industry presents a colossal challenge to stretched in-house IT teams. That’s why turning to an external specialist 100pc focused on security is the best option for many businesses. An external company with resources to devote themselves entirely to security is more able to keep their customers up to date, protected and closely scrutinised for potential threats, whether that be a spear phishing attack or mobile-targeted malware. Another plus – if they are cloud-based, customers also benefit from an improved speed of response because the external team is able to monitor 24 hours a day, 365 days a year, and protect against attacks across their wider customer base, not just one specific environment.”
