NTA Monitor

Latest News

Will IE6 be the next NT4?

1st October 2009 All penetration testers will remember the long tail of Windows NT 4.0, and how this operating system continued to be used long past the point when security updates stopped at the end of 2004. For many years the presence of an unpatchable NT4 server was a common issue in a penetration test report, and it is only now, almost five years after security support ended, that finding an NT4 system on a network is becoming a rare event. Read More

One in four web applications susceptible to high risk security flaws

7th September 2009 NTA Monitor has reported a 10% increase in the total number of web applications found to have at least one high-risk security issue... Read More

Organisations facing a changing threat landscape

20th July 2009 According to NTA Monitor's 2009 Annual Security Report, the average number of Internet security vulnerabilities is on the rise... Read More

The Return of the Insider Threat

1st July 2009 When NTA started security testing twelve years ago, the main focus was on the insider threat. There were many reports with statistics showing that most security breaches were due to insiders. By contrast there was very little focus on the external threat via Internet and third-party network links. Back then many companies did not even have a firewall. Read More

Retail sector faces serious IT security issues

The retail sector needs to set out its stall and ring the changes in its security vulnerabilities if it is to avoid the potential for hackers to gain unauthorised system access and disrupt service availability, according to NTA Monitor's 2008 Annual Security Report. The retail sector was the third worst out of the 10 sectors tested and saw the largest annual increase (25 per cent) in the average number of risks. Although five of the 10 industry sectors tested, avoided high risk vulnerabilities altogether, retail was the only sector to demonstrate an increase in high risks since the previous year, despite the fact that it is the sector with the highest level of interaction with the public. As a PCI Standards Council Approved Scanning Vendor, NTA Monitor knows only too well the serious situations that a company with significant security vulnerabilities can find itself in.

NTA Monitor's Annual Security Report analyses data from external Internet vulnerability tests conducted for worldwide organisations across a wide range of industry sectors, including charities, education, finance, government, IT, law and retail..

Roy Hills, Technical Director at NTA Monitor, says: "This lack of attention to security makes retailers vulnerable on many levels. High risk vulnerabilities are widely known and actively exploited by hackers leaving many companies susceptible to attacks such as a buffer overflow on a server, malicious code being executed or gaining unauthorised entry to the corporate network. The industry relies on customer loyalty so if a customer has their personal details stolen or a publicised security incident occurs, they are sure to tell many more people than if they had received a good service, which could result in a loss of custom."

NTA Monitor can advise companies on the specific issues that need addressing, but also has generic advice on how organisations can get their house in order:

Apply patches and updates as soon as they become available to address the latest vulnerabilities
Ensure that preventative action is an ongoing process
Educate and make it a commitment for all staff, to be aware of Internet security issues
Update the security policy regularly and ensure that it is publicised and communicated.

A copy of the NTA Monitor Annual Security Report 2008 is available on request from NTA Monitor, email marketing@nta-monitor.com

This article was first released on: 23rd June 2008