Corporate IT vulnerabilities are hitting record levels, says report

New vulnerabilities are being discovered at an average of 10 a day, says specialist.

Businesses are under threat from organised criminal groups, following a rise in the number of vulnerabilities discovered in corporate computer systems to record levels, according to research.

A report from information security specialist Symantec, to be released today (7 March), shows that 1,900 new vulnerabilities were discovered over the past six months, equivalent to 10 new vulnerabilities a day, the highest figure recorded by the company.

The research follows Department of Trade and Industry reports that virus infections are still hitting firms hard, despite a 66% fall in the overall rate of infection over the past two years (Computer Weekly, 28 February).

According to Symantec's internet security threat report, 97% of the new vulnerabilities are highly or moderately severe, and 79% are easy to exploit.

The trend will put pressure on businesses to adopt multi-layered approaches to security, rather than relying on firewalls alone, said Richard Archdeacon, director of Symantec's innovation group. "Businesses are facing an increasing threat. People have to move beyond the idea that they can hide behind the firewall. You have to have integrated defences."

This means keeping systems patched and installing anti-virus systems at the gateway and the desktop, anti-spyware systems, and intrusion detection systems.

The report shows there has been a significant increase in the number of vulnerabilities being found in web-based applications, which are increasingly being targeted by hacking groups, Archdeacon said.

The past six months have also seen organisations facing increased threats from viruses designed to surreptitiously steal corporate information, with 80% of the top 50 viruses having the capability.

An increasing proportion of viruses are modular in design, allowing hackers to build custom code designed to launch attacks on specific targets.

With fewer criminals developing viruses from scratch, the number of virus families in circulation on the internet has fallen from 170 to 104 over the past six months.

Denial of service attacks were up by 50%, to 1,400 attacks a day, driven by a rise in the number of blackmail attempts against online gaming sites. Phishing attacks rose by 40% to 7.92 million attempts a day.

The time between the announcement of a vulnerability and hackers developing exploit code has risen from six to 6.8 days. However, companies had to wait an average of 49 days for suppliers to issue a patch.
