DiData warns against network negligence

By Alex Kayle, Senior portals journalist
Johannesburg, 15 Jun 2011

Around 73% of network devices carry at least one known vulnerability, and this puts business information at risk of theft by cyber criminals and competitors.

This is according to the Dimension Data Network Barometer Report 2011, which saw the percentage of vulnerable network devices in SA doubling compared to a reported 38% in last year's assessment.

This is opening up networks to security risks as well as a myriad of compliance issues, says Tertia Labuschagne, Dimension Data's head of strategy and business development.

The Network Barometer Report 2011 collected data from 270 technology life cycle management assessments conducted by Dimension Data in 2010.

The report reviews networks' readiness to support business by evaluating best practices, potential security vulnerabilities and end-of-life status of network devices.

It discovered that as many as 25% of businesses are unaware of how many devices and what type of devices are connected to their networks. In addition, it found, companies are neither updating nor patching the software versions on these devices.

Labuschagne says: “What this indicates is that people are not paying enough attention to the software aspect of network security, which is a big concern.”

According to the report, a security vulnerability is tantamount to an unlocked door and is a hacker's first port of call for initiating an attack.

Hacking into a network consists of discovering vulnerabilities and then creating an exploit (a programme or set of instructions) that takes advantage of the vulnerabilities.

Labuschagne explains that companies are generally avoiding updating their software or properly configuring their networked devices, in order to avoid complexity, coupled with the fear of downtime and the impact this could have on the business.

She says refusing to update to the latest operating system version opens the network to security vulnerabilities.

According to Dimension Data, the average number of configuration violations per device has decreased by 30%.

Labuschagne adds: “We've consistently seen a large amount of devices with configuration issues.

“In bigger organisations, they have fewer devices affected, but this is because they have more sophisticated IT departments and tools to assist them. Small organisations face loosely spread IT resources and are not configuring their devices properly.”

According to Labuschagne, most organisations regard security patching as labour-intensive and time-consuming, while many organisations tend to adopt a head-in-the-sand approach when it comes to network security.

Dimension Data urges companies to deploy asset discovery solutions, as well as vulnerability detection and risk assessments.

Without the prioritisation of assets, the company says organisations will be forced into an expensive, resource-intensive 'patch all' scenario, or may fall into a dangerous 'patch none' or 'patch some' approach.

McAfee recently published a study on how IT decision-makers view the challenges of risk and compliance management in a highly regulated and increasingly complex global environment.

The study found that the biggest challenges companies face include identifying threats, followed closely by discovering vulnerabilities in their systems. Knowledge of which systems are adequately protected from threats was the third-biggest challenge.
