Number of software holes soars

IT departments were put on alert this week after it emerged that the number of security vulnerabilities discovered in commercial software packages has soared by more than 80% in the past 12 months.

The bulk of the rise is made up of vulnerabilities classed as either moderately or highly severe, an analysis of data from the intrusion detection and firewall systems of 400 companies around the world revealed.

The news will put pressure on IT departments to adopt a more integrated approach to security and to prioritise resources to the most critical devices, said security supplier Symantec, which carried out the research.

"You have to understand your requirements, how well your servers are patched, how to update them, and which are the more vulnerable. If something occurs you can apply resources in the most appropriate fashion," said Richard Archdeacon, director of technical services at Symantec.

More than 60% of the new vulnerabilities could be easily exploited by hackers, either because sophisticated tools are widely available or because no tools are required at all, the research revealed.

However, the findings showed that hackers are focusing their activities on only a fraction of the number of known vulnerabilities, giving IT departments an opportunity to marshal their defences accordingly.

Microsoft Windows and Windows 2000 were by far the most popular operating systems for attackers, together attracting 78% of attacks. Unix was targeted in 12% of attacks, followed by Linux at 8%.

Power and energy companies were the favourite targets for attackers, with about 66% reporting at least one severe event since June last year.

The financial services and telecoms industries reported a significant increase in the number of attacks during the past six months.

The research traced the origin of the majority of the attacks to the US, which has the highest proportion of the world's computer systems.

South Korea was the second most common base for hackers, largely because the high availability of broadband communications in the country makes it a favourite port of call for them.
