Top UK companies are failing on IT security, says KPMG

Friday 26 July 2013

Britain's largest companies are setting a poor example for the rest of the private sector by failing to prevent cyber-attacks, it has been claimed.

According to Big Four consultancy KPMG, FTSE 350 companies are leaking data that can be used by fraudsters to access intellectual property, perpetrate fraud and inflict reputational damage.

In a recent study, the firm found that every single public company on this list was leaking data by leaving employee usernames, email addresses and sensitive internal file location information online.

KPMG found that, on average, 41 usernames, 44 email addresses and five sensitive internal file locations were available for each company.

Companies in the aerospace and defence sector recorded the highest number of leaked internal email addresses - a fundamental component to sending phishing emails.

Martin Jordan, head of cyber response at KPMG, said the research showed that companies do not have full control of their web presence at a time when cyber security has been turned upside down.

"Hacking is no longer about a few hacktivists," he warned.

"Now, hacking has become automated on an industrial scale - often with state sponsored agencies behind it - and attackers are aiming for an increased competitive edge by stealing company secrets and IP, or purely seeking financial gain through fraud."

Mr Jordan said businesses need to be more responsible when using the internet.

"While the internet may be a shop window to the world – it can also be a substantial security risk. Companies should accept that cyber threats are real," he added.

"Protecting their networks is not just about self-interest; is about safeguarding the economy and, in the case of critical national infrastructures, it is also about the safety of the population."

Microsoft IT security solutions can help safeguard your business against online attacks.

Posted by Alex Boardman