UK security practices insufficient, says F-Secure

~ security still not viewed as critical by UK businesses, but anti-virus and
anti-malware recognised as strong risk prevention tools ~

Two-thirds of UK IT professionals believe that security is mistakenly not viewed as ‘mission-critical’ by the rest of the business. This is according to a study of over 450 UK IT professionals by Ponemon Institute for F-Secure.

Independently conducted research was commissioned to determine the technologies, controls and governance practices that yield the greatest prevention value when used by organisations to curtail security attacks or mishaps.

The majority of respondents identified potential shortfalls in their organisations’ security procedures. Over half (59%) of respondents either do not have security and data protection policies in place or say they are not strictly enforced. Of those that have policies, 65 per cent believe that senior leaders are not supportive of security and data protection initiatives, and 68 per cent believe their organisation does not have the necessary resources to manage or limit serious security threats.

“The explosion and popularity of new mobile devices has given cyber criminals new opportunities to steal data. Combined with the growth in traditional malware security attacks on business (such as viruses, Trojans and brute force attacks), it’s surprising that UK businesses still do not have a handle on their security policies and data protection in this digital age,” commented Tom Gaffney, security advisor at F-Secure UK. “Part of the problem is that the traditional ROI metrics don’t apply to security measures – instead they need to be considered as, what we call, ‘return on prevention’. As a result, security is not a business priority. Who knows what damage is being done that could be avoided with simple security processes deployed?”

When asked about the ‘return on prevention’ businesses achieve from various technologies, over half (55%) believed that anti-virus and anti-malware provide substantial return. Over half (54%) also highlighted its effectiveness for mobile devices, citing that the cost of implementation is low and the technology is deemed effective in stopping a large number of threats or attacks.

Mobile malware is still very limited, but the risk is growing and will continue to do so, particularly with the arrival of netbooks and other tablet devices as fresh targets for attacks. The risk will make mobile security increasingly important for companies with mobile workforces storing sensitive and confidential data on these devices.

Interestingly, organisations within the financial services and technology sectors attached a higher rate of ‘return on prevention’ to security technologies such as web application firewalls and policy enforcement tools.

“A well-executed security implementation can provide a cost-effective way of delivering value to the business and offer peace of mind to senior managers and staff,” concluded Tom Gaffney.
NOTES TO EDITORS

F-Secure – Protecting the irreplaceable
While you concentrate on what is important to you, we make sure you are protected and safe online whether you are using a computer or a smartphone. We also backup and enable you to share your important files. Our services are available through over 200 operators around the world and trusted in millions of homes and businesses. Founded in 1988, F-Secure is listed on NASDAQ OMX Helsinki Ltd.