Third of UK firms vulnerable to hackers

By

Almost a third of UK organisations have unpatched critical vulnerabilities compromising their IT security, new research warned today.

Third of UK firms vulnerable to hackers
However, the NTA Monitor 2007 Annual Security Report also revealed that the number of vulnerable firms has fallen compared to 2006, when some 61 per cent were open to attack.

The report analyses data gathered from vulnerability tests conducted by NTA on UK companies in a wide range of industry sectors, including charities, education, finance, government, IT, law and retail.

Although the number of tests exposing vulnerabilities that may enable external users to gain unauthorised system access or disrupt service availability has almost halved, the picture is not bright for everyone.

While improvements in overall security have been achieved by most industry sectors, publishing and finance have seen an increase in the average number of vulnerabilities found per test.

For financial institutions, the average number of risks increased by 16 per cent year on year, while publishing saw an increase of 28 per cent.

"There are a variety of ways of causing denial-of-service attacks, one of which occurs when a server is bombarded with more information than it can handle, resulting in legitimate users being unable to access or use the network," said NTA Monitor technical director, Roy Hills.

"Other security flaws that our testing discovered could permit hackers to gain entry to corporate networks and change user passwords or delete files, which could wreak corporate havoc."

Of the 10 most commonly occurring critical vulnerabilities, seven were found in last year's report, indicating that these same issues continue to take their toll.

All of the top 10 high risk flaws are associated with services being made available to internet users, demonstrating that with increased functionality comes the threat of reduced security.

NTA Monitor recommends that companies:

  • Stay up to date on the latest vulnerabilities and apply patches and updates as soon as they become available


  • Allocate sufficient management time, focus and control to ensure that preventative actions are carried out on an ongoing basis


  • Involve and educate staff on internet security issues


  • Have a clear and up to date security policy, and publicise and update it regularly
Got a news tip for our journalists? Share it with us anonymously here.
Copyright ©v3.co.uk
Tags:
firmshackersofsecuritythirdtoukvulnerable

Sponsored Whitepapers

Datacom + Microsoft Azure: Turn Ideas Into Impact in Just 4 Weeks
Datacom + Microsoft Azure: Turn Ideas Into Impact in Just 4 Weeks
Protect APIs. Protect Your Business.
Protect APIs. Protect Your Business.
KnowBe4 Benchmark Report: Reducing Human Risk & Phishing Vulnerability in ANZ
KnowBe4 Benchmark Report: Reducing Human Risk & Phishing Vulnerability in ANZ
Modern Identity for SAP and Beyond: Replace SAP IDM with Saviynt
Modern Identity for SAP and Beyond: Replace SAP IDM with Saviynt
Saviynt Simplifies GRC and Access Control for SAP and Beyond
Saviynt Simplifies GRC and Access Control for SAP and Beyond

Events

Most Read Articles

SA Water plans 'once-in-a-generation' core technology uplift

SA Water plans 'once-in-a-generation' core technology uplift
Ex-student charged over Western Sydney University cyberattacks

Ex-student charged over Western Sydney University cyberattacks
WhatsApp banned on US House of Representatives devices

WhatsApp banned on US House of Representatives devices
Victoria's first government tech chief steps down

Victoria's first government tech chief steps down
techpartner.news logo
Dave Stevens on Brennan's evolution and the need for Aussie tech unity
Dave Stevens on Brennan's evolution and the need for Aussie tech unity
Sydney's ITKnocks on contact centre AI and the slow death of the IVR
Sydney's ITKnocks on contact centre AI and the slow death of the IVR
"It's an exciting time to be part of the health and aged care sector"
"It's an exciting time to be part of the health and aged care sector"
Insicon founder Matt Miller on the coming 'tsunami' of compliance and educating boards about cyber security
Insicon founder Matt Miller on the coming 'tsunami' of compliance and educating boards about cyber security
Orro claims Australia first with managed digital asset discovery service
Orro claims Australia first with managed digital asset discovery service

Log In

  |  Forgot your password?