
Published 12th October 2009
ORGANISATIONS FACING A CHANGING THREAT LANDSCAPE
5 October 2009: According to NTA Monitor’s 2009 Annual Security Report, the average number of Internet security vulnerabilities is on the rise, revealing that organisations are once again battling against a steady stream of security issues.
Of the top ten most commonly occurring high risk security issues identified in this report, seven were not featured in the 2008 top ten, and this indicates that the threat landscape being faced by organisations and their IT departments is constantly changing.
Overall, the 2009 report highlighted that 27% of organisations tested contained one or more high risk vulnerabilities - which are widely known and actively targeted by hackers - compared to 25% in the 2008 report. More alarming is the revelation that, of those organisations with high risk issues, 22% had more than six high risk vulnerabilities identified within their Internet facing systems. In 2008, this figure stood at 8%.
Nine of the top ten risks were flaws associated with services that are being made available to Internet users, demonstrating yet again that with increased functionality comes the threat of reduced security.
Of the ten sectors tested, IT, government, services and not-for-profit have all seen an increase in the number of vulnerabilities found, with IT in particular rising by 63%.
In the government sector, NTA found an average of 29 vulnerabilities per test compared to the overall average of 23. This is a marked increase from the 2008 report and was the second highest on average across all sectors tested. While not entirely positive, this may be explained by the increased focus on the Government Connect GCSx Code of Connection, which is encouraging more local authorities to test for and address potential vulnerabilities within their systems. Roy Hills, Technical Director at NTA, said: “We would hope to find that these issues will not occur on such a large scale next year as the practice of regular testing, identification and remediation of issues becomes ingrained in the mindset of government IT departments.”
In the finance sector, average issue levels remain the same despite the increased drive that has come from Payment Card Industry Data Security Standards (PCI) and other security related compliance drives, and it is interesting to note that eight out of the top ten high risk flaws could be found in financial organisations. Hills comments: “If a financial institution has a security problem, the repercussions are potentially severe for the organisation itself as well as the companies and customers it deals with. It is vital that the finance industry considers IT security as an integral part of its business.”
It would appear that the PCI are having a positive effect on the retail sector, driving down the average number of issues from 21 in 2008 to just 16 in the 2009 report, which could be attributed to an increased awareness and focus on identifying and addressing security issues. The retail sector must keep up the good work, otherwise new vulnerabilities may catch them unawares, as highlighted by the vastly changed top ten security issues in this year's report.
NTA Monitor advise that companies apply the following recommendations to minimise exposure to information security risks:
* Stay up to date on the latest vulnerability alerts and apply patches as soon as they become available.
* Allocate sufficient time, focus and control to ensure that preventative actions are carried out on an ongoing basis.
* Involve and educate the entire organisation on Internet security issues.
* Have a clear security policy that should be publicised and updated regularly.
The report analyses data from external Internet vulnerability tests conducted by NTA against UK organisations across ten industry sectors. A copy of the full report is available by emailing marketing@nta-monitor.com.
-ends-
About NTA Monitor
NTA Monitor, www.nta-monitor.com, is a market leading, innovative IT security testing, auditing and consultancy company that helps to protect its 600+ customers from loss of revenue and reputation.
The company provides a range of security services including vulnerability testing, web application testing, wireless infrastructure testing, BlackBerry and laptop security testing, IT risk assessments, security policy and procedure reviews and network architecture auditing in order to help prevent unauthorised access to organisations' networks and data. NTA regularly finds new vulnerabilities through its test projects and research and development programmes.
NTA is a founder member of the CESG 'CHECK' scheme and the newly founded CREST (Council for Registered Ethical Security Testers). NTA is also an Approved Scanning Vendor (ASV) under the Payment Card Industry Data Security Standard (PCI DSS).
For further information, please contact:
Jacqui Delbaere, Delbaere Public Relations
Email: jacqui.delbaere@btinternet.com Tel: 07770 828791