ÐÇ¿Õ´«Ã½

The Department of Trade and Industry's (DTI) 'Information Security Breaches Survey 2002' reveals that half of UK businesses operating transactional web sites don't use encryption technologies to secure transactions and files held on web servers.

Less than one-third of businesses encrypt files such as credit card details, leaving customer details and confidential company information wide open while over one-third of transactional web sites have no firewall.

In his keynote speech at April's 'InfoSecurity Europe Conference 2002' in London, PriceWaterhouseCoopers' e-business security partner Chris Potter stressed that transactional web sites pose new problems for a host of businesses in that they hold highly-sensitive information which demands stringent protection.

"A significant number of businesses have not put in place appropriate security controls in spite of the increasing number of security incidents documented during the last two years," said Potter.

Potter's own company has led the consortium of companies which managed the research for this report, the other participants including RSA Security, Symantec, Genuity and CountryWide Porter Novelli. In his address, Potter suggested the problem must be nipped in the bud, since one-in-five companies accept orders online in today's marketplace – twice as many as in 2000.

A third finding of the report centres on the growing menace posed by new strains of virus, including the infamous Code Red worm and the Nimda virus.

According to the DTI survey, virus infections have almost tripled since the year 2000 and, with four in every ten companies admitting to virus problems, this now represents the single largest type of security incldent related to the Internet and e-mail.

In spite of this, 17% of companies have no virus infection software to protect them from harm, while those that do struggle to keep it up-to-date.

Chris Potter added: "Businesses continue to assume that it will never happen to them. However, given the rise in virus infections it is now a question of 'when' rather than 'if' they'll be affected."

Security and IT managers need to take action now to ensure effective information security. "It's not enough to simply have anti-virus software these days," stated Potter. "Businesses must keep their firewalls and intrusion detection systems up-to-date as well."

Copies of the Department of Trade and Industry's 'Information Security Breaches Survey 2002' are available from Rebecca Rainsford (telephone: 020 7853 2222) or Penny Hawley (07720 277143).