Basic IT security flaws at UK financial services firms could lead to Web banking facilities being exposed to hackers and taken offline, according to a report by Internet security company NTA Monitor.
More than nine out of ten financial organisations tested for the Vertical Market Security Report showed basic flaws, such as router and firewall vulnerabilities, that could put the availability of online banking systems in jeopardy.
Roy Hills, technical director, NTA Monitor, says: "Tighter security across all areas needs to be made a priority today and the holes plugged quickly – or this could become a turkey shoot for hackers."
The report spotlights the financial sector as having the worst record for router security compared to other sectors, with 94 per cent of financial firms tested showing flaws that could cause major disruption to online services.
The company says router security is overlooked by many sectors because the router sits outside the corporate firewall and is not a system containing customer data that could be hacked. Also, routers are often managed by an ISP, so security is considered to be the service provider's problem.
The report also found that firewall performance at financial firms is getting worse, with 46 per cent of those tested showing flaws in this area.
Nearly a third of organisations - 31 per cent - were found to have at least ten IT flaws, exposing systems to 'considerable' risk of attack, while 38 per cent of sites had between two and five medium-level risks, which could directly result in disruption of service by external attackers or provide unauthorised access if incorrectly configured.
NTA Monitor says UK financials are also allowing unrestricted access to services on border routers, leaving them open to information disclosure and Denial of Service risks. Additionally, some software versions contain bugs that allow certain requests to crash the system.
Hills says he expected financial organisations to have the tightest security and the results are surprising given the fierce competition in the financial sector.
"Many of the problems highlighted can be fixed in under 20 minutes, with the right knowledge and the right mindset. So cost of new software or infrastructure is not the major constraint," adds Hills.
The Vertical Market Security Report 2003 is based on analysis of more than 600 network perimeter security tests undertaken by NTA Monitor. The research analysed test results across the financial, government, legal, IT & telecommunications, manufacturing and services sectors.