TechnologyAccounting SoftwareUK businesses at mercy of hackers

UK businesses at mercy of hackers

A third of UK businesses are leaving themselves exposed to hackers by failing to crack down on medium and low-level security flaws, according to the results of a network monitoring survey.

Link: Businesses ignore new security standard

The fifth annual Security Audit survey by consultant NTA Monitor found that, despite tackling major security vulnerabilities, UK companies are failing to address smaller flaws.

The audit examined data from more than 600 regular network perimeter security tests carried out by the company at client sites during 2002. One-third of corporate networks tested were found to have at least 10 flaws.

‘A third of companies we examined were guilty of bad security housekeeping,with unacceptably high levels of basic flaws found,’ said Roy Hills, technical director at NTA Monitor, in the report.

‘Although corporates are clearly prioritising security vulnerabilities and addressing high-profile issues this is at the expense of a much larger number of lower-profile vulnerabilities, which are being ignored.

‘The net result is that corporate networks remain exposed to external attack.’

Just 6% of businesses had a high-risk vulnerability which could allow hackers to access and take control of computer systems – down from 19% the previous year.

But medium-profile vulnerabilities were found in 73% of tests, and low-profile vulnerabilities were found in every test instance.

Vulnerabilities in router and firewall systems remain at an ‘unreasonably’ high level, often because they are installed with a standardised configuration geared towards functionality and up-time, said the survey.

Medium-risk issues allow external users to disrupt services or internal users to gain unauthorised access to systems, and a low-risk issue provides information that could be useful to a hacker in attempting an external attack, according to NTA Monitor.

The survey found that the main low-level flaws causing problems are DNS vulnerabilities, which have risen from 70% in 2000 to 83% last year.

The DNS Zone Transfer vulnerability enables hackers to gain a company’s DNS data, such as network names and addresses, which can be utilised in malicious attacks.

Server-related vulnerabilities were the only area to show a fall during the five years of the survey, down to 73% this year from 86% last year. NTA Monitor put this down to the increased level of management attention devoted to websites.

Users should focus on good security design and policy and then configure all systems according to that plan, advised NTA Monitor.

Related Articles

5 key tech innovations helping accountants transform their businesses

Accounting Software 5 key tech innovations helping accountants transform their businesses

3w Heather Darnell, Founder of Ask the BOSS
Finance and the tech foundation: what’s needed to deliver impactful business insights?

Accounting Software Finance and the tech foundation: what’s needed to deliver impactful business insights?

3m Workday | Sponsored
Best accounting software for businesses in the UK

Accounting Software Best accounting software for businesses in the UK

3m Accountancy Age, Reporters
Making sense of enterprise tech concepts for finance teams

Accounting Software Making sense of enterprise tech concepts for finance teams

4m Workday | Sponsored
Open Banking: what you need to know

Accounting Software Open Banking: what you need to know

4m Edward Berks, Xero
Accountancy in the digital age: Flexibility, agility, efficiency

Accounting Software Accountancy in the digital age: Flexibility, agility, efficiency

6m Pegasus Software | Sponsored
Sage purchases Intacct in its largest ever acquisition

Accounting Software Sage purchases Intacct in its largest ever acquisition

10m Alia Shoaib, Reporter
5 tips for SMEs to protect cash flow

Accounting Software 5 tips for SMEs to protect cash flow

10m Alia Shoaib, Reporter