By Rene Millman
19th June 2007
New DTI report finds that most people never change their password. A
third write them down on paper.
The biggest risk to an organisation's network security is human error,
according to a new report.
The research by the Department of Trade and Industry found that over a
third of respondents either wrote down their password on a piece of
paper or recorded it somewhere on their computer.
The study also found that nearly two-thirds of the 1800 UK adults
questioned said they never changed their passwords.
Minister for Science and Innovation Malcolm Wicks said that the survey
found that a large number of people were "careless with passwords,
unwittingly exposing themselves and their company to fraud and theft."
He added that the UK lost 440 million to credit card fraud last year and
that 62 per cent of companies experienced a network security incident.
Wicks said that this was a problem that needed to be fixed.
"Network security is also a major growth area where the UK has a good
opportunity to become a global leader if we develop new technology to
give us a competitive edge," said Wicks.
The department has embarked on four projects aimed at increasing network
security by cutting down the risk of human error. Each of the projects
will use behavioural science to tackle human error. The DTI has given
the projects 4 million in total.
Among the successful projects are a project, run by BAE Systems and
Loughborough University aimed at developing new ways of assessing an
organisation's security risk and the human factors involved.
Also, another project run by HP, Merrill Lynch, the University of Bath,
the University of Newcastle and University College London will develop a
predictive framework to assess the effectiveness security policies that
regulate interactions between people and information systems.
The other two projects will look at digital communication analysis to
look for potential security threats and tools to identify human
vulnerabilities in network security.
The projects are part of the DTI's Network Security Innovation Platform,
which was set up to develop new ideas to improve network security. The
DTI said that it estimated that development of this research could
represent an extra 125 million market for businesses in the UK.
Attend Black Hat USA, July 28-August 2 in Las Vegas,
the world's premier technical event for ICT security
experts. Featuring 30 hands-on training courses and
90 Briefings presentations with lots of new content
and new tools. Network with 4,000 delegates from
70 nations. Visit product displays by 30 top
sponsors in a relaxed setting. Rates increase on
June 1 so register today. http://www.blackhat.com