Over-reliance on user passwords is putting UK companies at risk
March 17, 2004 10:14am
Computer Weekly
Twenty per cent of the UK's largest companies suffered security breaches during the past year because of poor user authentication practices and an over-reliance on passwords to secure corporate IT systems, the Department of Trade & Industry's latest Information Security Breaches survey has revealed.
Theft of data from corporate systems caused severe disruption for many businesses, tying up staff for an average of 10 to 20 man-days, and costing companies up to £100,000 to investigate each incident.
The survey of 1,000 organisations revealed that many are placing themselves at risk by moving to single-sign on systems, without stepping up the security of their log-in systems. These companies are more likely to report a security breach, the research found.
"Single sign-on has many benefits, but if you are going to put all your eggs in one basket, you have to make sure it is a strong basket," said Chris Potter, partner at PriceWaterhouseCoopers.
The survey showed that 87% of companies rely on user ID and passwords alone to secure their systems and 7% have no access control at all. Only 6% of companies, and 25% of large businesses, use tokens, smartcards and biometric log-ins. Large firms have reaped the benefit of these technologies, with just over 3% of users suffering unauthorised accesses to their systems, compared with 20% of companies that rely on passwords alone.
The research suggested that companies could improve security by automating procedures for allocating staff access rights.
Full results of the survey will be released at Infosecurity Europe, London, 27-29 April
www.infosec.co.uk
bill.goodwin@rbi.co.uk
hoovers.com
steve |
