NTA Monitor’s 2006 Annual Security Report has discovered that 61% of companies tested have one or more high risk vulnerability in their Internet connections. NTA classifies a high risk flaw as a vulnerability that allows unauthorised external users to obtain system access.
The report analyses data gathered from vulnerability tests conducted by NTA Monitor during 2005 on UK and international companies in a wide range of industry sectors, including charities, education, finance, government, IT, law and retail. The industry sector with the highest number of vulnerabilities was education, with an average of 61 risks per test, followed by government with an average of 26 risks per test. The lowest number of risks per industry sector was found in the mining sector and housing associations, which each had an average of 11 risks per test.
Roy Hills, Technical Director at NTA Monitor, says: “The majority of the high risk flaws found were service specific, relating to the services that were accessible within the gateways tested. Nine of the ten most commonly occurring high risk issues fell within this area, with the remaining issue being Internet router related. An attacker who was aware of the programs being used and their flaws could exploit those vulnerabilities to gain network access or launch a Denial of Service attack.”
Overall, the 2006 Annual Security Report findings show that although organisations tested have taken steps to reduce the amount of high risk security vulnerabilities on their networks, they are still too common, leaving companies and public sector organisations unnecessarily vulnerable.