According to a new Government report, released today, only a third of companies have a formal security policy in place and only one quarter of businesses have undertaken technical testing to evaluate their cyber security spending.
A headlong leap into poorly-defined IoT projects and BYOD working practices may be putting more firms in danger of an attack, according to systems integrator World Wide Technology. The new report, the Government’s Cyber Security Breaches Survey: 2017, shows that 46 per cent of UK businesses are exposed to the security risks of BYOD, rising to 57 percent in web-orientated firms. After a 12-month period that saw a range of high-profile victims, such as Amazon Web Services and Samsung, companies need to adapt to the new security demands of an increasingly connected world.
Mike McGlynn, Vice President, Security Solutions at World Wide Technology said, “the range of devices being exposed to the internet are usually not known for having mature security software, and are often in a vulnerable state. Even their manufacturers may not be in a position to regularly patch software in order to protect against online threats, let alone the enterprises that adopt these devices.
“It is encouraging that businesses are increasingly getting to grips with basic things like resetting default passwords or downloading software updates, often as part of a Bring Your Own Device policy. But the device management task involved in some IoT projects is on a scale unlike anything most enterprise networks have tackled so far.
“Currently, most device management applications are designed for tablets and smartphones which have much more predictable behaviour. They now suddenly have to deal with the number and variety of devices being connected: a smart building initiative, which uses sensors in one fixed location, creates a very different security challenge than a global supply chain project.
“Bring Your Own Device has certainly proved a challenge for many organisations, but the predicted explosion of connected devices – to reach 20.8 billion globally by 2020 – means that companies must take a holistic approach to cybersecurity which prepares them to resist attacks at the endpoint, network, cloud, and application layers.”