Security complexity and internal breaches are key concerns

Growth in external hacking attempts, DDoS and malware attacks, and internal threats to data are the key security concerns for UK businesses.

64% of respondents to a Check Point survey said that external attacks had increased significantly in the past 12 months, and 57% reported an increased risk of internal data breaches, particularly from growing use of web and social media applications.

According to the survey of 560 UK IT and infosecurity professionals, the growing number and complexity of different security products deployed on their networks is contributing to the increased risks of attacks and breaches. 42% of respondents stated that security complexity had itself become a significant security risk to their organization, and a further 40% felt that simplifying their security estates would improve overall network and data protection.

57% of respondents stated they had seen an increase in internal security incidents such as risks of data loss and breaches via file-sharing and social networks over the past year. This is despite significant numbers of organizations taking steps to mitigate these risks.

The most popular security measures aimed at reducing the risk of internal breaches include:

• Setting up employee awareness programs (53% of respondents said they did this)
• Use of data encryption on sensitive documents (done by 47% of respondents)
• Locking down USB ports on PCs (39%)
• Restricting employees’ use of social media and instant messaging (31%)
• Deploying data leak prevention (DLP) solutions (24%)
• 58% of respondents stated they had clearly-defined security policies for staff concerning data handling.

Tom Davison, UK technical director for Check Point said: “Even though organizations are concerned about securing their networks, and are deploying more products to deal with a growing range of threats, external attacks and internal incidents continue to increase. The complexity of networks, applications and security products is making it harder for IT teams to manage their security estates, which is leading to vulnerabilities not being addressed, and employees inadvertently causing breaches.

“When the security solutions themselves are creating a risk, it’s vital that organizations rethink their approach to protecting their networks and data. They need to simplify and consolidate security management, and make it easier to establish security policies and practices that employees can easily follow, to curb the risk of attacks and breaches.”

Survey respondents were also concerned over the integrity of security across their networks. 45% stated they frequently run complete vulnerability and threat scans on their networks, to establish what threats may be present. A further 30% of respondents said they run scans occasionally, and just 9% said they had never run a vulnerability scan.

Earlier this year, Check Point’s 2013 Security Report found that 63% of organizations globally are infected with bots: 70% of these bots communicate with their control centre at least every 2 hours. 53% had malware downloaded onto their networks from pre-existing infections. 61% of organizations were found to use P2P file-sharing, and 43% were using anonymizer apps.

To cut the risks of exposure to external attacks, and to stop threats spreading, companies should identify their critical network assets and data, and enforce multi-layered threat prevention. This includes proactive education of employees, and interactive security policy enforcement to alert users and help to stop incidents in real time.