[ISN] Third of UK firms vulnerable to hackers

From: InfoSec News (alerts@private)
Date: Mon May 14 2007 - 22:40:07 PDT


http://www.vnunet.com/vnunet/news/2189798/third-uk-firms-vulnerable

By Robert Jaques
vnunet.com 
14 May 2007

Almost a third of UK organisations have unpatched critical 
vulnerabilities compromising their IT security, new research warned 
today.

However, the NTA Monitor 2007 Annual Security Report also revealed that 
the number of vulnerable firms has fallen compared to 2006, when some 61 
per cent were open to attack.

The report analyses data gathered from vulnerability tests conducted by 
NTA on UK companies in a wide range of industry sectors, including 
charities, education, finance, government, IT, law and retail.

Although the number of tests exposing vulnerabilities that may enable 
external users to gain unauthorised system access or disrupt service 
availability has almost halved, the picture is not bright for everyone.

While improvements in overall security have been achieved by most 
industry sectors, publishing and finance have seen an increase in the 
average number of vulnerabilities found per test.

For financial institutions, the average number of risks increased by 16 
per cent year on year, while publishing saw an increase of 28 per cent.

Roy Hills, technical director at NTA Monitor, said: "There are a variety 
of ways of causing denial-of-service attacks, one of which occurs when a 
server is bombarded with more information than it can handle, resulting 
in legitimate users being unable to access or use the network.

"Other security flaws that our testing discovered could permit hackers 
to gain entry to corporate networks and change user passwords or delete 
files, which could wreak corporate havoc."

Of the 10 most commonly occurring critical vulnerabilities, seven were 
found in last year's report, indicating that these same issues continue 
to take their toll.

All of the top 10 high risk flaws are associated with services being 
made available to internet users, demonstrating that with increased 
functionality comes the threat of reduced security.

NTA Monitor recommends that companies:
    
* Stay up to date on the latest vulnerabilities and apply patches and 
  updates as soon as they become available
    
* Allocate sufficient management time, focus and control to ensure that 
  preventative actions are carried out on an ongoing basis
    
* Involve and educate staff on internet security issues
    
* Have a clear and up to date security policy, and publicise and update 
  it regularly


_____________________________________________________
Attend Black Hat USA, July 28-August 2 in Las Vegas, 
the world's premier technical event for ICT security 
experts. Featuring 30 hands-on training courses and 
90 Briefings presentations with lots of new content 
and new tools. Network with 4,000 delegates from 
70 nations.   Visit product displays by 30 top
sponsors in a relaxed setting. Rates increase on 
June 1 so register today. http://www.blackhat.com



This archive was generated by hypermail 2.1.3 : Mon May 14 2007 - 22:51:21 PDT