A new survey has found that a growth in external hacking attempts, DDoS and malware attacks, and internal threats to data are the key security concerns for UK businesses.
The Check Point Survey showed that 64 per cent of respondents said that external attacks had increased significantly in the past 12 months, and 57 per cent reported an increased risk of internal data breaches, particularly from growing use of web and social media applications.
According to the survey of 560 UK IT and infosecurity professionals, the growing number and complexity of different security products deployed on their networks is contributing to the increased risks of attacks and breaches. 42 per cent of respondents stated that security complexity had itself become a significant security risk to their organisation, and a further 40 per cent felt that simplifying their security estates would improve overall network and data protection.
57 per cent of respondents stated they had seen an increase in internal security incidents such as risks of data loss and breaches via file-sharing and social networks over the past year. This is despite significant numbers of organisations taking steps to mitigate these risks.
The most popular security measures aimed at reducing the risk of internal breaches include:
- Setting up employee awareness programmes (53 per cent of respondents said they did this)
- Use of data encryption on sensitive documents (done by 47 per cent of respondents)
- Locking down USB ports on PCs (39 per cent)
- Restricting employees ’ use of social media and instant messaging (31 per cent)
- Deploying data leak prevention (DLP) solutions (24 per cent)
- 58 per cent of respondents stated they had clearly-defined security policies for staff concerning data handling.
Tom Davison, UK technical director for Check Point said: “Even though organisations are concerned about securing their networks, and are deploying more products to deal with a growing range of threats, external attacks and internal incidents continue to increase. The complexity of networks, applications and security products is making it harder for IT teams to manage their security estates, which is leading to vulnerabilities not being addressed, and employees inadvertently causing breaches.
“When the security solutions themselves are creating a risk, it ’s vital that organisations rethink their approach to protecting their networks and data. They need to simplify and consolidate security management, and make it easier to establish security policies and practices that employees can easily follow, to curb the risk of attacks and breaches. ”
Survey respondents were also concerned over the integrity of security across their networks. 45 per cent stated they frequently run complete vulnerability and threat scans on their networks, to establish what threats may be present. A further 30 per cent of respondents said they run scans occasionally, and just 9 per cent said they had never run a vulnerability scan.
Earlier this year, Check Point ’s 2013 Security Report found that 63 per cent of organisations globally are infected with bots: 70 per cent of these bots communicate with their control centre at least every 2 hours. 53 per cent had malware downloaded onto their networks from pre-existing infections. 61 per cent of organisations were found to use P2P file-sharing, and 43 per cent were using anonymizer apps.
To cut the risks of exposure to external attacks, and to stop threats spreading, companies should identify their critical network assets and data, and enforce multi-layered threat prevention. This includes proactive education of employees, and interactive security policy enforcement to alert users and help to stop incidents in real time.
The Check Point survey gauged the opinions of 560 IT and infosecurity professionals across a range of UK companies from the public and private sectors.