Businesses Not Keeping Up with New Security Threats: Report
Nearly three-quarters (73 percent) of corporate network devices analyzed by Dimension Data during 2010 were carrying at least one known security vulnerability. This is almost double the 38 percent recorded in 2009. Dimension Data also found that a single higher-risk vulnerability, PSIRT 109444, which was identified by Cisco in September 2009, was discovered in a staggering 66 percent of all devices, and was responsible for this jump.
These were some of the key findings in the Network Barometer Report 2011 published by the IT services and solutions provider. The report covers aggregate data compiled from 270 TLM (Technology Lifecycle Management) Assessments conducted in 2010 worldwide by the group for organizations of all sizes across all industry sectors.
It reviews the networks’ readiness to support business by evaluating the configuration variance from best practices, potential security vulnerabilities and end-of-life status of those network devices. The report also found that the percentage of network devices past last-day-of-support has dropped from 31 percent last year to 9 percent in the 2011 results, and the percentage of devices past end-of-sale that are in "late stage" end-of-life sits at 47 percent, but there is some evidence that organizations are more aware of where to draw the line when it comes to risk.
"Given the pressure that organizations are under from regulatory bodies, consumers and their executives to protect customer information and privacy, as well as sensitive business information from both cyber-criminals and competitors, it’s hard to believe that they would knowingly expose themselves to this level of risk," said Neil Campbell, Dimension Data’s global general manager for security. "The truth of the matter is that many organizations still don’t have consistent and complete visibility of their technology estates. In fact, previous research not related to the Network Barometer Report carried out by Dimension Data found that clients are unaware of as much as 25 percent of their networking devices."
While discovery processes may be falling short of the mark, Campbell said that apart from the one security vulnerability on 66 percent of devices, organizations are trying to up their game with regard to remediation. According to the report, the TLM Assessment results showed that if PSIRT 109444 was taken out of the equation, organizations had patched fairly well: The next four vulnerabilities were found in less than 20 percent of all devices.
"To a hacker, a security vulnerability is equivalent to leaving one’s front door unlocked," Campbell said. "And attempting to exploit vulnerabilities is usually the first port of call when initiating an attack. That’s because it may provide the hacker with full access to the device, which he could use as a launch pad to initiate further attacks internally.