Cloud computing and social networking leave UK businesses exposed to cyber attacks
Business use of technology is evolving faster now than at any point in the last decade.
Internet use has moved way beyond email and websites and into the realms of social networks and externally-hosted software services accessed across the Internet (often referred to as cloud computing).
These changes have increased the vulnerability of UK companies and public sector organisations to new cyber attacks. Hacking and denial of service attacks have doubled in the last two years. As a result, security remains high on management’s list of priorities.
These are among the preliminary findings of the 2010 Information Security Breaches Survey (ISBS) commissioned by Infosecurity Europe and written by PricewaterhouseCoopers LLP. The full results of the survey including details of the number and cost of security breaches in the UK, will be revealed at Infosecurity Europe in London on 28 April.
The rate of adoption of newer technologies has accelerated over the last two years and most respondents now say they use wireless networking, remote access and VoIP. Some 85% of smaller organisations said they were using wireless, almost double the use in 2008. The number of organisations allowing staff to have remote access to their systems has also increase with nine tenths of large companies now doing this.
As organisations have looked to cut their IT costs, they have increasingly turned to external providers who host applications on their behalf. These services, including Software as a Service (SaaS) and cloud computing, are now used by over three-quarters of the organisations polled and of these, 44% said they were entrusting critical services to third parties. All sectors are making use of the services, but government is least likely to release control of critical services.
At the same time that companies are increasing their dependence on other organisations for their IT services, there has been an explosion of new cyber attacks. 61% of large organisations have detected a significant attempt to break into their network in the last year, twice as many as two years ago.
Some 15% of large organisations have detected actual penetration by an unauthorised outsider into their network in the last year, and it is likely that many more were undetected. 25% of large organisations have suffered a denial of service attack in the last year, also more than double the proportion in 2008. Outsourcing IT services does not make the security risk go away, but few companies are taking enough steps to ensure their outsourced services are not vulnerable to attack.
Chris Potter, partner, OneSecurity, PricewaterhouseCoopers LLP, says: “Very few organisations are encrypting data held on virtual storage, including the ‘cloud’. Worryingly, only 17% of those with highly confidential data at external providers ensure that it is encrypted. Virtualisation and cloud computing seem to be set to follow the trend, established over the last decade, of controls lagging behind adoption of new technologies. Given the increased criticality and confidentiality of information held on virtual storage, organisations need to respond quickly to close this control gap.”
