Nearly three-quarters (73
percent) of corporate network devices analyzed by Dimension Data during 2010
were carrying at least one known security vulnerability. This is almost double
the 38 percent recorded in 2009. Dimension Data also found that a single higher-risk
vulnerability, PSIRT 109444, which was identified by Cisco in September 2009,
was discovered in a staggering 66 percent of all devices, and was responsible
for this jump.
These were some of the key
findings in the Network Barometer Report 2011 published by the IT services and
solutions provider. The report covers aggregate data compiled from 270 TLM (Technology
Lifecycle Management) Assessments conducted in 2010 worldwide by the group for
organizations of all sizes across all industry sectors.
It reviews the networks’
readiness to support business by evaluating the configuration variance from
best practices, potential security vulnerabilities and end-of-life status of
those network devices. The report also found that the percentage of network
devices past last-day-of-support has dropped from 31 percent last year to 9
percent in the 2011 results, and the percentage of devices past end-of-sale
that are in “late stage” end-of-life sits at 47 percent, but there is some
evidence that organizations are more aware of where to draw the line when it
comes to risk.
“Given the pressure that
organizations are under from regulatory bodies, consumers and their executives
to protect customer information and privacy, as well as sensitive business
information from both cyber-criminals and competitors, it’s hard to believe
that they would knowingly expose themselves to this level of risk,” said Neil
Campbell, Dimension Data’s global general manager for security. “The truth of
the matter is that many organizations still don’t have consistent and complete
visibility of their technology estates. In fact, previous research not related
to the Network Barometer Report carried out by Dimension Data found that
clients are unaware of as much as 25 percent of their networking devices.”
While discovery processes
may be falling short of the market, Campbell said that apart from the one
security vulnerability on 66 percent of devices, organizations are trying to up
their game with regards to remediation. According to the report, the TLM
Assessment results showed that if PSIRT 109444 was taken out of the equation,
organizations had patched fairly well: The next four vulnerabilities were found
in less than 20 percent of all devices.
“To a hacker, a security
vulnerability is equivalent to leaving one’s front door unlocked,” Campbell
said. “And attempting to exploit vulnerabilities is usually the first port of
call when initiating an attack. That’s because it may provide the hacker with
full access to the device, which he could use as a launch pad to initiate
further attacks internally.