SecurityWorldMarket

18/04/2006

UK businesses increasingly at risk of serious IT attacks

UK businesses are failing to adopt the security controls needed to protect their customers' information, according to findings from the 2006 DTI biennial Information Security Breaches Survey.

The survey showed that increasing volumes of business being conducted online have raised the priority given to protecting customer data. Most large organisations appear to have adopted best practice regarding network and data security and 78 per cent of those who accept financial transactions now encrypt the data they receive to ensure its confidentiality and integrity. However, smaller firms are less likely to provide the required protection; fewer than a third encrypted the data they received.
Nine-tenths of respondents recognised that protecting customer information was important or very important and a strong justification for security expenditure. This has become one of the biggest drivers for IT security spending.
While adoption of traditional security controls such as firewalls is high, newer technologies are being adopted faster than the controls to protect against their misuse. Protection of wireless networks has improved since 2004, but many small firms are still not adopting strong controls.
Firms are not considering the security implications of adopting Voice Over Internet Protocol telephony (VOIP). Despite widespread publicity, only half have evaluated the security risks; as VOIP enables a channel to be opened through the firewall, it needs to be managed correctly to ensure the risks are limited.
Key findings from the telephone survey of 1,000 companies include:
- Increasing volumes of online business are raising the priority given to protection of customer data. 90 per cent of firms considered this important or very important, and a strong justification for security expenditure.
- There was a rise in the number of companies that reported an attack on their internet or telecommunications traffic. Over a quarter of those affected by attempts to break into their networks said they suffered at least one significant attempt every day.
- The businesses attacked tended to be those that accept financial transactions online. All the websites that accept financial transactions are behind a firewall.
- Fewer than two-thirds of websites accepting financial transactions encrypt the data they receive. In contrast, every transactional website run by a very large respondent uses encryption.
- Controls over authorised wireless networks have improved. The number of unprotected networks has halved since 2004; however, there is no room for complacency: one in five firms still lacks any controls.
- Few small businesses use VOIP telephony, while 31% of large businesses have adopted VOIP and more are planning to use it over the next year. Half of the businesses that have implemented VOIP did so without evaluating the security risks.
These findings are published in a factsheet - 'Trustworthy Networking' - sponsored by Microsoft.


