European firms 'still failing on security'

IDC has lambasted European firms for their approach to security, but has also said it thinks things will get better soon

European businesses are still failing to effectively implement security measures across their organisation and are adopting a "lacklustre approach" to the integrity of the data and systems, according to a report from analysts IDC.

The main reason for this appears to be the continued growth of what can be defined as an IT security issue, with recent issues such as compliance further complicating the picture.

Against such strong criticism it is perhaps unsurprising the analyst house predicts things will get better — largely because they have to.

Thomas Raschke, programme manager of IDC's European security products and strategies research, said in the report that European businesses are starting to realise "a holistic approach to security is not just nice to have, but paramount for survival and an integral part of any successful business strategy".

He said this realisation, as well as the increasing complexity of the security equation, will continue driving the revenues of the already buoyant security industry ever upwards.

"Corporate concerns with endpoint security, regulatory compliance, spyware, spam, worms, viruses, digital identities, mobility and complexity will help to drive the security software market to achieve almost $6bn (£3bn) in revenue in 2009," said Raschke.

One area of increasing concern relates to the mobility of data — mobile workforces and an increasing movement of data within the organisation and in the outside world. Also identity and access management are appearing on more companies' radar screens.

Similarly the spectre of compliance now hangs over many IT departments, with data retention and protection heavily loaded with security implications.

And then there are the traditional threats most commonly seen arriving via email.

Figures out today from SurfControl have revealed phishing scams in particular are still increasing rapidly, putting pressure on IT and HR departments to do what they can to protect staff.

With staff increasingly being required to use email as part of their working lives, it is imperative companies exercise an appropriate level of care to protect staff and protect themselves from potential litigation.

SurfControl claims phishing scams have increased from 1 percent to 8.3 percent of all spam since the beginning of the year.

The level of scam emails hitting users' inboxes is now the same as the amount of potentially offensive adult spam, exposure to which could also result in claims of a failure in the duty of care on the part of companies.

Steve Purdham, chief technology officer at SurfControl, said even companies who are protecting staff today cannot afford to rest on their laurels.

"As spam filtering technology becomes more comprehensive, fraudsters are becoming more devious in their techniques," he said.

Purdham said the rapid growth of spyware is another threat companies must wake up to, especially as it threatens to betray sensitive corporate data — as seen with the attempted robbery of the Sumitomo Mitsui Bank earlier this year.