The number of vulnerabilities found in bank IT systems has risen by a fifth in the past year, according to a UK report by Internet security company NTA Monitor.
The NTA report details the most common vulnerabilities from testing a wide range of industry verticals in both the public and private sector.
Whilst improvements in overall security have been achieved by most industry sectors, NTA says results from the finance sector "have been disappointing".
Tests performed on financial organisations' public-facing IT systems found nearly 20% more vulnerabilities than the same study last year, although the volume and distribution of flaws varied 'only slightly' from the 2006 results.
The average number of vulnerabilities found on bank IT systems was 19, which is close to the cross-industry average.
Overall, the tests found an above-average number of DNS, Internet router and registry database vulnerabilities in bank systems, although the number of service-specific issues was below the cross-industry average.
Roy Hills, technical director at NTA Monitor, says the increase in security gaps could be down to the general growth in the amount of business done via the Internet.
Hills says financial firms "are being pushed more and more to open themselves up to the public by offering more online services or by allowing customers to access their personal financial data".
"Whilst this extra accessibility is of benefit to many customers, at the same time it can increase the exposure to external attacks," he says.
NTA warns that the increase in vulnerabilities is a problem for organisations aiming to become PCI compliant, because they must demonstrate that they are protecting client data or risk being blacklisted by card companies.
Firms are also at risk of action from the Financial Services Authority (FSA), which has started to levy strong fines on banks that fail to have effective systems and controls to manage information security risks.
Earlier this year Nationwide was fined £980,000 by the FSA after an investigation into the theft of a company laptop from an employee's home last year exposed failings in its information security.