UK still vulnerable to hackers

Security experts have rejected claims of a dramatic reduction in hack attacks on the UK last month, maintaining that UK websites are no more secure than others.

Security analyst Mi2G claimed that recorded digital attacks on the UK fell by 70 per cent during November, compared with an eight per cent decline worldwide.

The fall follows four consecutive record breaking months of activity, including October when the number of attacks reached 16,167, the highest ever number recorded in a single month.

But Neil Barrett, technical director at computer forensics specialist Information Risk Management, warned that there is little evidence to suggest that security levels are improving.

He argued that the drop pointed to companies becoming more adept at hiding malicious hacking activity from others.

"In the sorts of companies we do penetration testing for, I don't see a major shift in their levels of security, and my experience tells me that it's not any less easy to break into British sites," he told vnunet.com.

More companies are now treating IT security as a corporate governance issue, rather than a responsibility of the IT department, but complacency is still rife, according to Barrett.

"I worry sometimes that it's a fashion statement and that there are no policies or management controls to back it up," he said.

Mi2G believes that the drop in hacking activity is down to a concerted effort on the part of UK bodies, including the British Chambers of Commerce and the National Infrastructure Security Co-ordination Centre, to alert businesses to the escalating threat.

An Mi2G spokesman told vnunet.com: "The vulnerability trend for very large businesses and government departments appears to be shifting now as they begin to become more aware of digital risk issues and how to deal with them.

"There is always a danger of complacency, though. This often takes the form of believing that a firewall or antivirus tool kit is sufficient for all corporate security needs.

"In reality, a very holistic approach to security is needed since a sufficiently determined and experienced hacker group usually finds vulnerabilities in a corporate environment."