NTA Monitor

Latest News

New version of network scanning tool arp-scan released

15th March 2011: A new version of a respected and popular network scanning tool has been released.

Tests show rise in number of vulnerabilities affecting web applications with SQL Injection and XSS most common flaws

1st March 2011: SQL injection and cross-site scripting (XSS) were the most common flaws found in web applications in 2010, according to results from tests carried out by NTA Monitor.

Assess risk to manage effects of budget cuts

9th February 2011: Signs of economic recovery may be appearing in some industries, but for most organisations - particularly in the public sector - budget cuts and cost savings are here to stay for the foreseeable future.

"Basic security threats not changed in 15 years"

1st February 2011: There may have been significant technological advances to the hardware and software organisations use, but according to Roy Hills, who co-founded NTA Monitor in 1996, the basic security threats have not changed in the last 15 years.

IT Managers get to grips with Internet security issues

According to NTA Monitor's 2010 Annual Security Report, the average number of Internet security vulnerabilities afflicting organisations has fallen.

However, IT security managers should not be complacent: certain sectors have seen an increase of over one hundred percent in vulnerabilities, and instances of high-risk vulnerabilities have remained stubbornly high, accounting for four percent of vulnerabilities found.

With the exception of just four vulnerabilities, all of the top ten high-risk vulnerabilities appeared on the equivalent list last year, suggesting that security managers are not heeding previous warnings, with the same high-risk issues recurring year after year. Incredibly, three of these confirmed high-risk vulnerabilities have featured in the top ten issues for the last five years.

This is compounded by the fact that 20% of organisations tested suffered one or more high-risk vulnerabilities, which are widely known and actively targeted by hackers, compared to a fairly similar figure of 21% in the 2009 report, so not a great deal has improved.

A dramatic change can be seen in the number of risks found per test in the Manufacturing sector. Comparing the 2009 and 2010 reports, the average number of vulnerabilities has doubled, and of the top ten high-risks identified in the report, Manufacturing has all but three.

The IT & Telecoms sector has seen the opposite effect, with a significant reduction in high-risk vulnerabilities from an average of three to one per test. Medium-risk vulnerabilities are heading in the same direction, falling from an average of nine to five. This should be expected, in theory at least, considering that security managers in this industry should have a better understanding of the risks and the solutions.

Less dramatic but still significant, the Charities/Non Profit and Government sectors have both seen an increase in the number of high-risks. They displayed a broad range of vulnerabilities, with Government having every one of the top ten high-risk vulnerabilities and Charities having all but two. This is a surprise given the PCI and Code of Connection compliance requirements, although it is perhaps this additional level of scrutiny that is uncovering the increased level of risk within these industries.

The report analyses data from external Internet vulnerability tests conducted by NTA against UK organisations across ten industry sectors. A copy of the full report is available by emailing marketing@nta-monitor.com

This article was first released on: 4th May 2010