Large organisations\' security breaches blamed on poor policies

A loss of decent security on mobile devices and tablets has brought about 82 per cent of huge organisations reporting security breaches.

According to a survey of security professionals from 447 organisations, 47 per cent of enormous organisations have lost or leaked confidential information hung on mobile devices, while only 39 per cent encrypt downloaded data.

The report by PwC, at the side of Infosecurity Europe and supported by the dep. for Business, Innovation and talents, found that 54 per cent of small businesses (and 38 per cent of enormous organisations) don't have a safety-awareness programme.

Chris Potter, PwC information security partner, said: “With the explosion of recent mobile devices and the blurring of lines between work and private life, organisations are opening their systems as much as massive risk. Smartphones and tablet computers are frequently lost or stolen, with any data on them exposed, while mobile devices can literally drill straight through your security defences, if you are not careful.

““However, organisations aren't responding to those new challenges. Just as we saw a decade ago with computer viruses, companies are slow to regulate their controls as technology usage changes. It's clear how important smartphones and tablets became â€" as confidential data is increasingly stored on them, the danger of knowledge breaches increases.”

Only 26 per cent of respondents with a safety policy believed that their staff had "a good understanding" of it, while 21 per cent said staff understanding was "poor".

Potter said: “Setting out your security is very important to make sure staff know what risks to appear out for, the best way to handle data appropriately and what to do if a breach occurs. The foundation reason behind security breaches by staff is usually a failure by organisations to take a position in educating staff about security risks. Yet organisations are failing to advertise a culture of security awareness so staff are frequently ignorant of the dangers they're posing.

“Often, breaches occur through ignorance instead of malice. Possession of a safety policy on its own doesn't prevent breaches; staff ought to realize it and put it into practice. The survey results show a transparent payback from security awareness programmes â€" education ends up in greater understanding which in turn results in fewer breaches. Unfortunately, the survey results also show that it often takes a significant incident before companies train their staff.”