Three-quarters of corporate network devices hit by security flaws

Nearly three-quarters of corporate network devices have at least one security vulnerability, according to new research from IT consultancy Dimension Data which makes pretty grim reading for IT security bosses.

The firm recorded a jump of nearly twice the number of organisations that reported vulnerabilities in 2009, the main culprit being a single high risk vulnerability - PSIRT 109444** - which was identified by Cisco in September 2009.

This flaw was found in a whopping 66 per cent of those companies surveyed for Dimension Data's Network Barometer Report 2011.

On the one hand it is heartening that, aside from this one flaw, organisations are protecting themselves pretty well against attack. The report also found that the percentage of network devices past last-day-of-support dropped pretty spectacularly from 31 per cent last year to just nine per cent this year.

However, the main takeaway from the research is slightly less reassuring, proving that many firms simply do not have enough visibility into their IT environments. Some IT managers have no visibility into as much as a quarter of their firm's devices, according to Dimension Data.

"It only takes one vulnerability to expose the entire organisation to a security breach, so organisations must do much more if they want to adequately protect themselves," said Neil Campbell, general manger of security at the consultancy.

"This includes increasing the number of regular network scans to ensure that any vulnerability is picked up before it causes serious business continuity, compliance failure or reputation damage."

It's pretty clear from research like this that many firms are still not following best practice when it comes to systems management and patching, despite the fact that numerous products exist today which can automate the process to the point where little time or effort needs to be spent on such tasks.