IT Security Brings Down Vulnerabilities in U.K. Companies

With improvement in their IT security, U.K. organizations have brought down critical vulnerabilities in 2006, according to a research publication on May 14, 2007.

IT security testing Company NTA Monitor revealed in its 2007 Annual Security Report that after conducting certain tests 32% of the organizations in U.K. were found with critical vulnerabilities. These vulnerabilities are widely known and hackers actively exploit them. However, they came down from 61% in 2006.

NTA Monitor conducted vulnerability tests on U.K. companies belonging to different sectors viz. finance, IT, law, government, education, charities and retail.

As a result of the tests, although the number of vulnerabilities allowing third-party users to acquire unlawful access of systems or disrupt services has been reduced to nearly half, the scenario is still not bright.

The overall security has improved in most sectors of the economy; however, finance and publishing experienced a growth in vulnerabilities, the research found. The average threats for financial services rose by 16% while publishing had a 28% increase.

There are different ways to cause denial-of-service attacks, said Roy Hills, technical director at NTA Monitor. The most common way is by bombarding a server with excess information. When the server can't handle all that data, the DoS attack occurs. As a result legitimate users can't access or operate with the network. ITPRO reported this on May 14, 2007.

The testing discovered other security flaws that could allow hackers to access corporate networks and modify user passwords or erase files. This could prove dangerous to corporate operation, Hills warned.

There are 10 most common critical vulnerabilities of which last year's report indicated 7. This means some issues continue to appear again. The 10 high-risk vulnerabilities are related to services for Internet users showing that as functionality increases, security diminishes.

To minimize companies' contact with IT security threats, Hills recommended them to raise awareness, keep systems updated with latest patches, and allot sufficient time to management. There should also be increased control, so that preventive measures are in place on a continuous basis. Further, companies should keep comprehensive policy guidelines handy for their staff.

Related article: ID Theft Victims Will Double In Next Four Years

» SPAMfighter News - 5/21/2007