ICT services provider Dimension Data has found that nearly three-fourths of corporate network devices carry at least one known security vulnerability.
Dimension Data revealed the information about security vulnerabilities in its new report — Network Barometer Report 2011.
Around 73% of corporate network devices analysed in the study during 2010 were carrying at least one known security vulnerability. In 2009, the percentage was almost half that, at 38%.
The report says that a single higher-risk vulnerability, PSIRT 109444, which was identified by Cisco in September 2009, was found in 66% of all devices, and was responsible for the rise in vulnerabilities in the new study.
The report covers aggregate data compiled from 270 Technology Lifecycle Management (TLM) Assessments conducted in 2010 worldwide by the group for organisations of all sizes across all industry sectors. It reviews the networks’ readiness to support business by evaluating the configuration variance from best practices, potential security vulnerabilities, and end-of-life status of those network devices.
The report also said that the percentage of network devices past last-day-of-support has dropped dramatically from 31% last year to 9% in the 2011 results.
The percentage of devices past end-of-sale which are in ‘late stage’ end-of-life sits at 47%, but there’s some evidence that organisations are more aware of where to draw the line when it comes to risk, said the report.
Neil Campbell, Dimension Data's global general manager for Security Solutions, said that many organisations still do not have consistent and complete visibility of their technology estates. He added that previous research carried out by Dimension Data, not related to the Network Barometer Report, found that clients are unaware of as much as 25% of their networking devices.
"It only takes one vulnerability to expose the entire organisation to a security breach, so organisations must do much more if they want to adequately protect themselves," says Campbell.
"This includes increasing the number of regular network scans to ensure that any vulnerability is picked up before it causes serious business continuity, compliance failure, or reputational damage."
However, while discovery processes may be falling short of the mark, Campbell said that apart from the one security vulnerability on 66% of devices, organisations are trying to up their game with regard to remediation.
"Organisations which are not ahead of the game when it comes to knowing and protecting themselves against the latest threats are playing a Russian Roulette of risk, and could be looking at a medium- to high-risk security threat like PSIRT 109444, and be at risk of a security vulnerability that falls into the extreme – or even critical – category."