Three quarters of network devices have a security flaw

THERE WAS A BIG JUMP in the number of corporate network devices with at least one known security vulnerability in 2010, according to researchers.

Dimension Data found that over 73 per cent of corporate network devices had at least one vulnerability that should have been patched. This was significantly higher than the 38 per cent of flawed network devices found in 2011.

However, the research may have been skewed by one particular vulnerability, PSIRT 109444, found in 2009 but present in 66 per cent of the network devices analysed during 2010. If you took out this particular flaw, it seems that organisations aren't doing too badly with patching, as the next four vulnerabilities were found in less than 20 per cent of the devices.

Another sign firms have been keeping up-to-date with their patching was a statistic that the percentage of network devices past the last-day-of-support had dropped dramatically in 2010, to nine per cent of devices compared to 31 per cent in 2009.

But Nigel Campbell, Dimension Data global general manager of security said one serious vulnerability is enough. He said, "It only takes one vulnerability to expose the entire organisation to a security breach, so organisations must do much more if they want to adequately protect themselves."

"To a hacker, a security vulnerability is equivalent to leaving one's front door unlocked. And attempting to exploit [known] vulnerabilities is usually the first port of call when initiating an attack."

"That's because it may provide the hacker with full access to the device, which he could use as a launch pad to initiate further attacks internally." µ