UK PLC more secure than last year

UK companies' infrastructure is becoming more secure, according to new research.

Results from IT security testing company NTA Monitor's 2007 Annual Security Report revealed that 32 per cent of UK organisations tested had critical vulnerabilities that are widely known and actively exploited by hackers. This is down from 61 per cent in 2006.

The report drew on data gathered from vulnerability tests conducted by the company on UK companies in a wide range of industry sectors, including charities, education, finance, government, IT, law and retail.

While improvements in overall security have been achieved by most industry sectors, publishing and finance have seen an increase in the average number of vulnerabilities found per test. For financial institutions, the average number of risks increased by 16 per cent year on year, while publishing saw an increase of 28 per cent.

Roy Hills, Technical Director at NTA Monitor, said that of the ten most commonly occurring critical vulnerabilities, seven were found in last year's report, indicating that these same issues continue to take their toll. All of the top ten high risk flaws are associated with services available to internet users. Hills said this demonstrated that with increased functionality comes the threat of reduced security.

"There are a variety of ways of causing Denial of Service (DoS) attacks, one of which occurs when a server is bombarded with more information than it can handle, resulting in legitimate users being unable to access or use the network," said Hills.

He said that other security flaws that the company's testing discovered could permit hackers to "gain entry to corporate networks and change users' passwords or delete files, which could wreak corporate havoc."

Hills recommended that companies raise awareness and minimise their exposure to IT security risks by updating systems with the latest patches as soon as they become available, and that they allocate sufficient management time, focus and control to ensure that preventative actions are carried out on an ongoing basis. He also said that clear policy guidelines should be made available to all staff.

Rene Millman

Rene Millman is a freelance writer and broadcaster who covers cybersecurity, AI, IoT, and the cloud. He also works as a contributing analyst at GigaOm and has previously worked as an analyst for Gartner covering the infrastructure market. He has made numerous television appearances to give his views and expertise on technology trends and companies that affect and shape our lives.