Almost 40 per cent of UK organisations admit they are protecting less than a quarter of their network traffic, according to SafeNet's annual security survey.
The study, which sought the views of more than 1,200 IT directors and security professionals, found that five per cent of businesses in the UK have no security measures in place at all to protect their corporate communications. Worryingly, 17 per cent of those security professionals questioned were unsure as to how much of their organisation’s network traffic was encrypted.
There is also increasing evidence that the overall levels of network protection are dropping. More than a third (34 per cent) of businesses were found to encrypt between one and 25 per cent of their data. However, last year only 26 per cent of organisations admitted such low security measures.
“The level of encryption required will obviously vary from organisation to organisation, but companies should be looking to encrypt as much network traffic as possible, if not all of it,” said Gary Clark, VP EMEA, SafeNet. “However, I am concerned to see that the number of organisations implementing security measures and encryption policies has decreased over the past 12 months.”
The study also found that organisations are failing to implement any additional security measures for remote worker access. Almost two-thirds (61 per cent) of companies still use traditional passwords, just under a quarter (23 per cent) use tokens or smartcards and only three per cent use biometrics.
Only a quarter (26 per cent) of IT security professionals believe their corporate network is very secure from internal and external threats, despite that figure rising by seven per cent since last year’s study. More than a third (67 per cent) of those people surveyed believe that their company IT systems were quite secure. And seven per cent of those questioned said that they think their company network is not at all secure.
“With the increase in mobile and remote working, mission-critical data is flowing freely both inside and outside the firewall so cyber-criminals have more opportunity – as well as the resources – to access and take advantage of sensitive data,” Clark added. “But this does not have to be the case if the appropriate security strategy and technology are introduced.”