Interpol warns firms over security 'vacuum'

The chairman of Interpol's European Working Party on IT Crime has warned that a "vacuum of knowledge" surrounding IT security means companies are exposing themselves to unnecessary risk.

Bob Jones, who also works as a computer security consultant at Queen Mary's college at the University of London, said too many companies took on IT security staff blindly believing that they would be able to 'pick up' the necessary knowledge as they went along.

"As more and more machines are interconnected, the problem is much more complex. These individuals need indepth training of technical security aspects but they also need management training - and knowledge about how to manage security issues," Jones said.

Companies across both the private and public sectors still did not view IT security as a core business issue, he warned.

His claims are mirrored in the latest Information Security Breaches survey conducted by PricewaterhouseCoopers on behalf of the Department of Trade and Industry, which found that lack of investment in security systems is allowing companies in the UK to fall victim to increasing security breaches.

The number of UK businesses that have suffered a malicious security incident since 2000 has almost doubled. Half of companies and four out of five large businesses fell victim over the past year to viruses, hacking attacks, fraud, and other information security breaches, compared with less than one in five in 1998.

The average cost of each serious breach is £30,000, and several companies reported incidents costing them more than £500,000, the report said.

But while three-quarters of UK businesses believe they hold sensitive or critical information, only one in four have a security policy in place to protect it.

"A lot of people just ignore the problem because they view it as a technical issue. Companies have to make IT security part of company policy. And it's easy to produce a paper document, but for it to work it has to be part of the company culture," Jones said.

"Unless you have full board level support for running secure systems, companies won't get the training and resources to support security experts," Jones added.

The European Working Party on Information Technology Crime consists of members of national computer crime units from Austria, Belgium, Denmark, Finland, France, Germany, Italy, the Netherlands, Norway, Portugal, Spain, Sweden, Switzerland and the United Kingdom.

Interpol is the second-largest international organisation after the United Nations, with 179 member countries spread over five continents.