You are still the weakest security link

Survey finds staff misuse of IT topping causes of business security breaches

Iain Thomson, vnunet.com 05 Aug 2004

Yet again staff have been identified as the biggest security threat to business IT systems, in a survey released today.

The poll of 1,240 British businesses found employee misuse of technology topping the reasons for security breaches, with 50 per cent of businesses having problems. The second highest cause, at 45 per cent, was poorly updated antivirus software.

Only 18 per cent of organisations attributed problems to their own security policies.

The survey kicks off a year-long education campaign aimed at British business by security vendor McAfee, involving seminars and guide books aiming to inform on best practice.

"Business perceives humans as the weakest link in security," explained Sal Viveros, SME director for McAfee.

"Companies aren't taking the initiative to educate employees about the risk of certain activities, like file sharing with peer-to-peer [P2P] software. It's a duty of every company to make sure their IT environment is safe for its employees and others to access."

Although 75 per cent of companies have put procedures in place, two thirds of them believe staff have downloaded music and over half believe the same for instant messaging applications or multimedia software.

Professor Neil Barrett, who teaches IT security at Cranfield University, has firm views on such applications.

"Any company with employees running P2P software is at risk," he warned.

"People shout and scream about applications like instant messenger being security threats but anything that, by design, downloads unchecked software onto a work PC is just an atrocious security risk."

The survey also found that less than half of those surveyed were using any kind of anti-spam technology, and less than a quarter had intrusion prevention systems in place.

See also: