Average Penetration test on network finds 21 vulnerablities

NTA Monitor’s 2008 Annual Security Report has revealed that the average number of vulnerabilities found per test has increased to 21 compared with 19 in 2007, showing that IT security managers now have more issues with which to contend.

The report analyses data gathered from external Internet vulnerability tests conducted by NTA on UK organisations in a wide range of industry sectors, including finance, Government, retail, IT, charities and the legal sector. Apparently, the types of risk giving organisations the greatest headache are service-specific vulnerabilities and these types of security issues accounted for 60% of all risks identified.

Overall, the indication is that organisations are becoming more successful at avoiding critical vulnerabilities, with only 25% of companies tested containing one or more high risk vulnerabilities - which are widely known and actively exploited by hackers - compared to 32% in 2007.