News Archive

Human Error Risk

by msecadm4921

Human error is by far the biggest risk for computer network security.

Carelessness with passwords is costing businesses a fortune in theft and fraud, a survey by the Department of Trade and Industry (DTI) has suggested.

The DTI is spending £4m on four research projects aimed at reducing the risk that human error plays in computer network security, as part of its Network Security Innovation Platform.

A DTI password survey of over 1800 adults found that:

just over one third recorded their password or security information by either writing it down or storing it somewhere on their computer;

nearly two thirds never changed their password; and

and one in five people used the same password for non-banking websites as well as their online bank.

Minister for Science and Innovation, Malcolm Wicks, said: "Unfortunately, the weakest link in network security is not usually with the technology, but with the staff and system users. A DTI survey found that a shocking number of people were careless with passwords, unwittingly exposing themselves and their company to fraud and theft. The UK lost £440m to credit card fraud last year alone, with 62pc of companies experiencing a network security incident, so the stakes are high – this is a problem we need to fix. Network security is also a major growth area where the UK has a good opportunity to become a global leader if we develop new technology to give us a competitive edge."

The projects are part of the DTI’s Network Security Innovation Platform, which was set up to bring Government and business together to develop new ideas to improve network security. The project will use behavioural science in a bid to tackle the human risk element in network security. It is estimated, the DTI says, that development of this research could represent an estimated extra £125m market for businesses. In addition, it will represent significant savings for those companies who adopt the findings.

The four proposals are:

1 Integrating Security Technology & Organisational Culture for Employee Risk – BAE Systems, and Loughborough University. This project is aimed at developing novel organisational and human factors focused on network security risk assessment package;

2 Trust Economics – Hewlett-Packard Ltd, Merrill Lynch, University of Bath, University of Newcastle, and University College London. This project is aimed at developing a predictive modelling framework that assesses the effectiveness of the security policies that regulate the interaction between humans and information systems;

3 The Analysis of Human Behaviour from Network Communication – Chronicle Solutions, and the University of Plymouth. This project is aimed at developing a potential technology solution for the analysis of digital communications in order to identify and act on potential security threats introduced by humans to information and IT services; and

4 CatalysIS: A tool to improve risk culture and identify human vulnerabilities in Network Security – The National Computing Centre Ltd, and the University of Manchester. This project is aimed at improving attitudes towards risks both to and from information systems, specifically a software-based tool that provides a network security awareness programme that is tailored to the individual employee . For more information, go to http://www.dti.gov.uk/innovation/technologystrategy/innovation_platforms/page33796.html

Technology Strategy Board: The Technology Strategy Board developed Innovation Platforms as a new way of working for Government and business. They provide the opportunity to bring business and Government closer together to generate more innovative solutions to major policy and societal challenges.

The Technology Strategy Board has operated as an advisory body since October 2004. It will shortly become an executive non departmental public body based in Swindon. The Technology Strategy Board, which will be independent, will take over the funding of the £178m Technology Programme. The new board will fund industry R&D projects, advise Government and help UK businesses to take up new innovative technologies. It will also place more emphasis on the use of technology and innovation in the service sector, including in financial services and creative industries, which are key areas for the future.

Several downloads are available at:

Related News

  • News Archive

    Hangar IP

    by msecadm4921

    NIAR’s Aircraft Structural Testing and Evaluation Center located in the Hawker Beechcraft plant is a huge site – the size of football…

  • News Archive

    G4S Irish Buy

    by msecadm4921

    G4S plc has acquired Irish privately owned Omada Fire and Security Group. According to the multinationa security firm, it’s positioning them as…

  • News Archive

    College Options

    by msecadm4921

    How a college in Daventry has tackled anti-social behaviour. In recent months, Northampton College’s Daventry campus, in Badby Road West, has suffered…

Newsletter

Subscribe to our weekly newsletter to stay on top of security news and events.

© 2024 Professional Security Magazine. All rights reserved.

Website by MSEC Marketing