A third of UK corporates open to hackers

A third of UK companies and public sector organisations are 'wide open' to hackers because they are ignoring basic security flaws, industry experts have warned.

According to security firm NTA Monitor, UK businesses are drowning under a rising tide of medium and low-level security vulnerabilities as they fight to deal with high-risk security flaws.

The company's research - based on analysis of almost 500 network perimeter security tests of clients in both the public and private sector - found that a third of corporate networks have at least 10 flaws, opening themselves to "considerable risk of malicious attack".

High-risk flaws were discovered in only 3.9 per cent of tests, while medium flaws were found in 74.3 per cent of tests and a low-risk vulnerability of some kind was found in every test carried out.

"The front door is locked and the burglar alarm is on, but the windows are open, the back gate is off the latch and there's a ladder up against the back wall," said NTA Monitor technical director Roy Hills in a statement.

"Corporate UK and public sector organisations are wide open to medium and low-level flaws. This is a woeful situation considering increased focus on enterprise security issues over the last 12 months."

Security issues relating to the configuration of internet routers were found to account for the most frequently identified vulnerability.

Poorly configured routers can allow an attacker to let themselves into a network and can also be used as a stepping stone to attack other systems, NTA Monitor warned.

The most common problem the security firm found threatening its customers was denial of service (DoS) attacks.

High-level flaws have dropped steadily over the last four years, down from 21 per cent in 2001 to 6 per cent in 2003 and 3.9 per cent in 2004.

Low-level flaws were identified in all networks in both 2003 and 2004, while medium-level flaws climbed from 73 per cent in 2003 to 74.3 per cent in 2004.