Home » Topics » Cybersecurity » ‘UK companies playing Russian roulette with customer data’

‘UK companies playing Russian roulette with customer data’

Avatar photoby Nick Ismail

UK companies continue to rely on the one security method that is the exploit target in the majority of today’s hacks - the password.

Despite multiple high profile breaches, 86% of those who manage computer systems within major UK companies use only the most basic security to access their IT systems on-site – half admit user accounts are ‘not very secure’, according to a report from Intercede.

The research looks at UK systems administrators, those who manage the operation of computer systems, or those who hold such assess rights are protecting and securing sensitive data within their organisations.

>See also: Businesses putting customer data at risk

Perhaps in acknowledgement of the risks posed, 50% of the research respondents admitted that business user accounts in their organisations are ‘not very secure’.

With 81% of hacking related breaches exploiting stolen or weak passwords, user authentication is currently the weakest link in the security chain.

The potential for catastrophic impact on businesses, and more worryingly, the consequential impact on customers, is a major concern. The research revealed some alarming results about how systems administrators are protecting access to core IT systems and turning a blind eye to the most basic security requirements.

>See also: How Tesco is using AI to gain customer insight

Richard Parris, CEO and chairman of Intercede commented on the research: “Sysadmins effectively hold the ‘keys to the kingdom’, and relying on username and password authentication is a bit like relying on a basic Yale lock to secure your front door. Even the least security conscious of us also bolt the door with a five lever mortice lock and many go much further. In today’s age of the hack, when compromised passwords are the root of the vast majority of security breaches, UK businesses clearly need to do much more – it isn’t simply their data that is compromised, it’s ours.”

“It’s time businesses finally take security seriously and look at stronger methods of authentication to protect information. With the new General Data Protection Regulation (GDPR) due for adoption next year, businesses can be held criminally liable for failing to adequately protect customer data, with severe consequences for the bottom line and for corporate reputation. There’s no excuse for continuing to play Russian roulette with data and privacy.”

Avatar photo

Nick Ismail

Nick Ismail is a former editor for Information Age (from 2018 to 2022) before moving on to become Global Head of Brand Journalism at HCLTech. He has a particular interest in smart technologies, AI and...

Related Topics

Authentication
Customer Data
GDPR

Related Stories

Cybersecurity

How AI will shift the security landscape in 2024

The impact of AI within cybersecurity is expected to grow significantly this year, says Alex Holland, senior malware analyst at HP

AI & Machine Learning

NCSC releases guidelines for secure AI development

New guidance from the National Cyber Security Centre (NCSC) aims to help businesses securely innovate with AI and minimise risks

Cybersecurity

3 cybersecurity compliance challenges and how to address them

Earning those trust seals can strengthen relationships with board members and prospective customers, but it sure isn’t easy.

Cybersecurity

70% of UK firms reported cyber insurance changes in past year

According to research from Databarracks, seven in 10 UK businesses have seen changes to their cyber insurance in the past 12 months, as requirements rise