NTA Monitor

IT Managers get to grips with Internet security issues

According to NTA Monitor's 2010 Annual Security Report, the average number of Internet security vulnerabilities afflicting organisations has fallen.

However, IT security managers should not be complacent: certain sectors have seen an increase in vulnerabilities of over one hundred percent, and instances of high-risk vulnerabilities have remained stubbornly high, accounting for four percent of vulnerabilities found.

With the exception of just four vulnerabilities, all of the top ten high-risk vulnerabilities appeared on the equivalent list last year, suggesting that security managers are not heeding previous warnings, with the same high-risk issues recurring year after year. Incredibly, three of these confirmed high-risk vulnerabilities have featured in the top ten issues for the last five years.

This is compounded by the fact that 20% of organisations tested suffered one or more high-risk vulnerabilities, which are widely known and actively targeted by hackers, compared to a fairly similar figure of 21% in the 2009 report, so not a great deal has improved.

A dramatic change can be seen in the number of risks found per test in the Manufacturing sector. Comparing the 2009 and 2010 reports, the average number of vulnerabilities has doubled, and of the top ten high-risks identified in the report, Manufacturing has all but three.

The IT & Telecoms sector has seen the opposite effect, with a significant reduction of high-risk vulnerabilities from an average of three to one per test. Medium-risk vulnerabilities are heading in the same direction, falling from an average of nine to five. This should be expected, in theory at least, considering that security managers in this industry should have a better understanding of the risks and the solutions.

Less dramatic but still significant, the Charities/Non Profit and Government sectors have both seen an increase in the number of high-risks. They displayed a broad range of vulnerabilities, with Government having every one of the top ten high-risk vulnerabilities and Charities having all but two. This is a surprise given the PCI and Code of Connection compliance requirements, although it is perhaps this additional level of scrutiny that is uncovering the increased level of risk within these industries.

The report analyses data from external Internet vulnerability tests conducted by NTA against UK organisations across ten industry sectors. A copy of the full report is available by emailing marketing@nta-monitor.com.

This article was first released on: 4th May 2010