NTA Monitors 2006 VPN Security Report reveals that the IT industry is the most vulnerable sector to network attacks. Tests were conducted on the following sectors charities, finance, government, IT, manufacturing and utilities.
Roy Hills, Technical Director at NTA Monitor, said: There is a certain kudos attached to infiltrating companies in the technical arena, making the IT industry a very attractive target to attackers. Its worrying that organisations that many would assume to be the safest do in fact appear to be the most vulnerable.
Of the IT organisations tested, an average of nine vulnerabilities were found per organisation, most of which were classified as low level risks. However, the number of medium risks identified, which may enable external attackers to disrupt VPN services or gain unauthorised network access, was above average, indicating that IT is the most insecure sector.
Overall, the 2006 VPN Security Report findings show that although organisations tested have taken the necessary steps to reduce high risk security vulnerabilities, medium, low and informational level risks are still very common leaving companies and public sector organisations vulnerable.
Of all the risks discovered, 17% were classified as medium level risk while the majority (64%) were of a low criticality level. The lower risk vulnerabilities will allow attackers to gain valuable information, which combined with other vulnerabilities, can lead to a denial of service attack or let hackers view and use confidential data.
Hills continued: These findings indicate that not only do IT organisations need to tighten their policy on IT security housekeeping and its implementation, but also that they need to act on flaws as they are discovered to minimise the risk of attack. My concern is that, in reality, Internet and network security could be a lot worse than our findings show since our customers, by their very nature, are security conscious and undergo regular testing.
The reports recommendations include operating VPN connections through a dedicated VPN system rather than a firewall and improving encryption and authentication methods.
More detailed sector and regional results are available in the full report, along with the white papers, on request from NTA Monitor. Call +44 (0)1634 721855 and ask for Sarah Davey or email firstname.lastname@example.org.