The hacking crisis facing companies: the need for a proactive approach

Computer hacking ‘costs billions’

Three-quarters of UK companies are hit by security breaches in their computer systems, a survey finds.

Having worked in the security industry, I find this headline comes as no surprise. Most companies seem to be under the impression that the cost of a system is the installation cost only; very few seem to consider the ongoing cost of maintenance and monitoring. With the advent of broadband, more and more companies are plugging into the Net with a fixed IP, which makes the cracker's job even easier, as they can concentrate on running a batch of Linux scripts against the IP to exploit the machine.

The other problem that companies face is that their firewall rules may be perfect, in that they only allow port 80 traffic in to their web server. This creates a false sense of comfort, as they believe that they are now safe. To a certain extent this may be true; however, bugs in the web server or database server are often the weakest link. So even though you may have the correct firewall rules, you may still be open to exploits.

Companies need to adopt a proactive approach and check the daily CERT advisories. The OS should also be updated on a regular basis.

