UK IT SYSTEMS AND DATA PROTECTION OVERVIEW vnunet.com How to sell - The danger within
How to sell - The danger within
By Marc Ambasna-Jones [17-05-2004]



The sheer scale of the security threat presented by employees should not be underestimated.
Either knowingly or unknowingly, employees represent the biggest threat to IT systems or data security, and businesses in the UK are not doing enough about the problem because of a mixture of ignorance, skills shortages and a lack of investment. This is a recipe for reseller intervention.

According to a joint survey conducted by consultant PwC and the Department of Trade and Industry (DTI) on behalf of Microsoft, Entrust and Computer Associates, the problem of security breaches is far from under control.

The DTI Information Security Breaches Survey 2004 found that 74 per cent of all businesses (94 per cent of large firms) have had a security incident in the past year.

Malicious incidents, such as viruses, unauthorised access, misuse of systems, fraud and theft, rose dramatically with 68 per cent of firms (91 per cent of large ones) suffering at least one such incident in the past year. This is a rise of 44 per cent compared with 2002.

It is a shocking statistic, especially when you consider that each serious incident costs on average £10,000 (or £120,000 for large companies) through disruption of business.

CONTINUED..........

Businesses should be thinking not about just data security but also about physical security.

According to Peter Goodenough, UK managing director of security supplier HI SEC International, the statistics from the NHTCU show that the security problem is not about just high-profile cases of worm and virus intrusion.

Physical security such as laptop theft also has to be taken extremely seriously, especially as the cost implications can be greater.

"Physical breaches targeting IT are more directed and, in the long term, more damaging to a business," says Goodenough. "This is the true danger of rogue employees. The NHTCU's recent figures show an alarming occurrence of hardware theft."

This threat also raises the issue of being compromised by sensitive data falling into the wrong hands. According to insurance company Complete Computer Cover, about 67,000 notebooks are lost or stolen every year in the UK.

This should, in theory at least, force companies to look at using technology to 'tie-down' the laptop to the business.

One of he most obvious ways of doing this is through smart card technology.

IBM's Embedded Security System for example, provides an embedded authentication system into the notebook.

Combined with VPN technology, this gives users secure, high-speed connections when accessing corporate LANs via the internet, without the need to carry around separate, expensive key fob devices for authentication.

The sub-system also adds support for strong user authentication using pass phrases, fingerprints and proximity badges, protecting access to the system and to secure confidential information.