Information Security Bulletin

UK IT Security Improving

14 May 01:01

NTA Monitor's 2007 Annual Security Report has revealed that 32 per cent of UK organisations tested had critical vulnerabilities that are widely known and actively exploited by hackers, compared to 61 per cent in 2006, indicating that companies have improved their security posture in the last year.

The report analyses data gathered from vulnerability tests conducted by NTA on UK companies in a wide range of industry sectors, including charities, education, finance, government, IT, law and retail. Although the number of tests exposing vulnerabilities that may enable external users to gain unauthorised system access or disrupt service availability has almost halved, the picture is not bright for everyone. Whilst improvements in overall security have been achieved by most industry sectors, publishing and finance have seen an increase in the average number of vulnerabilities found per test. For financial institutions, the average number of risks increased by 16 per cent year on year, whilst publishing saw an increase of 28 per cent.

Roy Hills, Technical Director at NTA Monitor, says: "There are a variety of ways of causing Denial of Service attacks, one of which occurs when a server is bombarded with more information than it can handle, resulting in legitimate users being unable to access or use the network. Other security flaws that our testing discovered could permit hackers to gain entry to corporate networks and change users passwords or delete files, which could wreak corporate havoc.

Of the 10 most commonly occurring critical vulnerabilities, seven were found in last year's report, indicating that these same issues continue to take their toll. All of the top 10 high risk flaws are associated with services that are being made available to Internet users, demonstrating that with increased functionality comes the threat of reduced security.

NTA Monitor recommends that companies apply the following recommendations to raise awareness and minimise their exposure to IT security risks:

Stay up to date on the latest vulnerabilities and apply patches and updates as soon as they become available
Allocate sufficient management time, focus and control to ensure that preventative actions are carried out on an ongoing basis
Involve and educate staff on Internet security issues
Have a clear and up to date security policy. Publicise and update it regularly.

A copy of the NTA Monitor Annual Security Report 2007 is available on request from NTA Monitor.

Related links: (Open in a new window.)
www.nta-monitor.com/

View printable version (opens in new window)
Back

Search ISB News:

Not yet sure you want to subscribe?

Download a free sample copy!

Download the much quoted October 2005 Editorial

Portal Frontpage
Web Editorial
About This Portal
Contact Info

IS Alerts
General News
Product News
Vendor News
People News
Literature
Events
CHI News

About ISB
Publishing in ISB
Advertising in ISB
PR Information

In the current issue:

Legal Issues
Of Trojans, Cheerleaders and Cuckoos…
Jon Colombo

Web Security
Web 2.0 vs. Web 1.0 – Security Standpoints and Challenges
Shreeraj Shah

Computer Forensics
Trends In Disk Drives and Data Transfer Speed
Steven Branigan