Third of UK corporates open to hackers

According to security firm NTA Monitor, UK businesses are drowning under a rising tide of medium- and low-level security flaws as organisations fight to deal with high-risk security flaws.

Its research – based on an analysis of almost 500 network perimeter security tests of clients in both the public and private sector – found that a third of corporate networks have at least ten flaws, leaving them open to “considerable risk of malicious attack”.

High-risk flaws were discovered in only 3.9% of tests, while medium-risk flaws were found in 74.3% of tests, and a low-risk vulnerability of some kind was found in every test performed.

‘The front door is locked and the burglar alarm is on, but the windows are open, the back gate is off the latch and there’s a ladder up against the back wall,’ said NTA Monitor technical director Roy Hills, in a statement.

‘Corporate UK and public sector organisations are wide open to medium- and low-level flaws. This is a woeful situation considering increased focus on enterprise security issues over the last 12 months,’ he added.

Security issues relating to the configuration of internet routers were found to account for the most frequently identified vulnerability. Poorly configured routers could allow an attacker to let themselves into a network and could also be used as a stepping stone to attack other systems, NTA warned.

The most common problem NTA found threatening its customers is Denial of Service (DoS) attacks.

High-level flaws have dropped steadily over the last four years, down from 21% in 2001, to 6% in 2003 and 3.9% in 2004. Low-level flaws were identified in all networks in both 2003 and 2004, while medium-level flaws climbed from 73.0% in 2003 to 74.3% in 2004.
