Please note that this is a page from a previous version of Continuity Central and is no longer being updated.

Organizations worldwide not keeping up with new security threats

Over 73 percent of corporate network devices analysed by Dimension Data during 2010 were carrying at least one known security vulnerability. This is almost double the 38 percent recorded in 2009. The data also revealed that a single higher-risk vulnerability – PSIRT 109444 – which was identified by Cisco in September 2009, was found in a staggering 66 percent of all devices, and was responsible for this jump.

These are some of the key findings in the Network Barometer Report 2011 published by the global specialist IT services and solutions provider.

The Report covers aggregate data compiled from 270 Technology Lifecycle Management (TLM) Assessments conducted in 2010 worldwide by the Group for organizations of all sizes across all industry sectors. It reviews the networks’ readiness to support business by evaluating the configuration variance from best practices, potential security vulnerabilities, and end-of-life status of those network devices.

“Given the pressure that organizations are under from regulatory bodies, consumers and their executive to protect customer information and privacy, as well as sensitive business information from both cyber criminals and competitors, it’s hard to believe that they would knowingly expose themselves to this level of risk”, says Neil Campbell. “The truth of the matter is that many organizations still don’t have consistent and complete visibility of their technology estates.”

But it’s not all bad news. While discovery processes may be falling short of the mark, Campbell said that, apart from the one security vulnerability on 66% of devices, organizations are trying to up their game with regard to remediation. According to the Report, the TLM Assessment results showed that if PSIRT 109444 was taken out of the equation, organizations had patched fairly well: the next four vulnerabilities were found in less than 20% of all devices.

PSIRT 109444

A PSIRT is a software vulnerability that has been identified by Cisco’s Product Security Incident Response Team. Each PSIRT identifies a unique IOS vulnerability based on extensive lab testing and research by Cisco.

However, as the prevalence of PSIRT 109444 illustrates, a pervasive threat can occur literally overnight.

“It only takes one vulnerability to expose the entire organization to a security breach, so organizations must do much more if they want to adequately protect themselves,” says Campbell. “This includes increasing the number of regular network scans to ensure that any vulnerability is picked up before it causes serious business continuity, compliance failure, or reputational damage.”

Could just one security vulnerability really put an organization at this level of risk?

“Absolutely,” Campbell says. “To a hacker, a security vulnerability is equivalent to leaving one’s front door unlocked. And attempting to exploit vulnerabilities is usually the first port of call when initiating an attack. That’s because it may provide the hacker with full access to the device, which he/she could use as a launch pad to initiate further attacks internally.

“Organizations which are not ahead of the game when it comes to knowing and protecting themselves against the latest threats are playing a Russian Roulette of risk, and could be looking at a medium- to high-risk security threat like PSIRT 109444, and be at risk of a security vulnerability that falls into the extreme - or even critical - category.”

Other significant findings in the Report include:

* The percentage of network devices past last-day-of-support has dropped dramatically from 31 percent last year to 9 percent in the 2011 results;

* The percentage of devices past end-of-sale which are in ‘late stage’ end-of-life sits at 47 percent, but there’s some evidence that organizations are more aware of where to draw the line when it comes to risk.

To download the Network Barometer Report 2011, please visit www.dimensiondata.com/networkbarometer

• Date: 25th May 2011 • Region: World • Type: Article • Topic: ISM
