New research launched today by Cyber Security EXPO (Excel, London, 8-9 October 2014) and conducted by Redshift Research, claims that despite available budgets, UK organisations are vulnerable due to a lack of skills and access to the latest security technology. This is despite the fact that many predict an increase in attacks driven by increased employee use of smartphones and tablets.
Featured Download: CISO Data Breach Guide
The survey of 300 UK IT directors and managers identifies the perceived challenges to an effective security programme, gauges reactions to recent high profile attacks, and examines attitudes with regards to improving identification and authentication within organisations.
Main Perceived Challenges
While only 9% of respondents cited lack of budget as the most significant challenge, 37% of respondents were most concerned about a shortage of security technology. Additionally, almost a quarter (23%) claimed the biggest challenge was the shortage of well-qualified people.
This was despite the fact that 38% of respondents predicted an increase in vulnerabilities driven directly by users’ 24/7 use of smartphones and tablets. This was particularly prevalent within the banking (47%), public (42%), utilities (50%) and telco (53%) sectors.
Impact on Risk Response
This would appear to be having a direct impact on how UK organisations can effectively respond to attacks. When asked if recent news that Russian hackers succeeded in amassing 1.2 billion User ID / Password combinations had prompted any action (which might include warning users /customers, imposing password changes, or adjusting IDS and alert escalation policy), an astonishing 47% of respondents said no action had been taken.
Worst offenders included technology companies (43% of whom took no action), transport (64%) and worryingly 63% of public sector respondents.
Encouragingly, utility, engineering and banking and finance sectors performed better here, with 80%, 69% and 60% respectively claiming to have taken proactive action.
Improving Identification and Authentication
When asked about what they would ideally implement to most improve identification and authentication in their organisation, two-factor authentication proved a firm preference with 48% claiming this would have the biggest impact. Biometrics came in at 31%, with single sign-on coming in at only 19%.
55% of those asked would also immediately ban the use of USBs, with 18% claiming that they already do. The most anti-USB sectors appear to be banking and finance (33%), followed by local authorities (36%) who claim they already have a complete ban on USB devices.
About Cyber Security EXPO
Co-located with IP EXPO Europe, Cyber Security EXPO has been designed to provide CISOs and IT security staff the tools, new thinking and policies to meet the 21st century business cyber security challenge. At Cyber Security EXPO, discover how to build trust across the enterprise to securely manage disruptive technologies such as:
– Cloud computing mobile
– Bring your own device (BYOD)
– Social media
– Identity and access
– Encryption
– GRC
– Analytics
– Data
The event delves into business issues beyond traditional enterprise security products, providing exclusive content on behavior trends and business continuity
IP EXPO Europe, Cyber Security EXPO and Data Centre EXPO takes place on 8-9 October 2014 bwetween 09:30 and 17:30 at ExCel, London E16 1XL.
The opinions expressed in this post belongs to the individual contributors and do not necessarily reflect the views of Information Security Buzz.