[Infowarrior] - Password overload hitting firms' IT security: study

Richard Forno rforno at infowarrior.org
Tue Apr 25 08:26:19 EDT 2006


Password overload hitting firms' IT security: study
Reuters
Tuesday, April 25, 2006; 7:22 AM
http://www.washingtonpost.com/wp-dyn/content/article/2006/04/25/AR2006042500382_pf.html

LONDON (Reuters) - Security breaches from computer viruses, spyware, hacker
attacks and theft of equipment are costing British business an estimated 10
billion pounds ($18 billion) a year, according to a survey on Tuesday.

The loss is 50 percent higher than the level calculated two years ago, said
the study by consultancy PricewaterhouseCoopers for the Department of Trade
and Industry.

The rise comes despite companies increasing their spending on information
security controls to an average 4-5 percent of their IT budget from 3
percent in 2004.

One area of concern for security, the study warned, was the increasing
number of user IDs and passwords employees were having to remember.

Larger companies, which tend to be more security-conscious, saw the number
and cost of computer security breaches fall, but both rose at smaller firms
where controls may be less rigorous.

Firms were asked how much the worst incident last year cost them. For large
firms, the average loss was between 65,000 and 130,000 pounds, mostly
accounted for by disruption to business.

At small companies, the average loss was between 8,000 and 17,000 pounds.

Industry Minister Alun Michael said while slightly fewer companies overall
reported breaches than in 2004, there was no room for complacency.

"The cost of the damage caused by attacks on security has risen as the
nature of the attacks has become more serious," he said.

"That's why it's crucial to have good security in place."

Virtually every UK company uses anti-virus software, but a quarter of
businesses are not protected against the newer threat of spyware, which can
lead to the loss of confidential information.

One in five corporate wireless networks is completely unprotected, with a
further one in five operating without encryption, allowing outsiders to
eavesdrop on company communications.

Chris Potter from PricewaterhouseCoopers said British business had become
more aware of the risks of IT crime, but added that some firms "still seem
to believe they are immune to the dangers and don't have even basic security
controls in place."

"This is particularly worrying as we see new technologies emerging that pose
new threats to UK plc."

Poor IT procedures can make companies vulnerable. The study found that
employees have on average to remember three different user IDs and
passwords, while in two percent of companies staff have to recall 10
different IDs.

"The more IDs and passwords users have to remember, the more likely the
business is to have had unauthorized access," the report said.

PricewaterhouseCoopers interviewed 1,000 companies between October 2005 and
January 2006 for the DTI Information Security Breaches Survey.

© 2006 Reuters



