Priority-based patching extending lifespan of outdated equipment: Dimension Data

Recent equipment refreshes have not prevented Australia’s network infrastructure from being vulnerable to failure and security breaches, a new study has warned.

Dimension Data’s 2015 Worldwide Network Barometer found that 48 per cent of Australia’s network equipment is so old that it is no longer eligible for security patches – while a further 67 per cent carry at least one security vulnerability.

Although Australia’s network infrastructure was “still quite exposed”, Paul O'Donohoe, networks general manager with Dimension Data, said that local organisations had moved with the world in implementing more targeted network investment strategies since the global financial crisis.

This approach had seen organisations minimise network operation costs by dealing with vulnerabilities and patching on a case-by-case basis, rather than attempting to enforce standard approaches across all of their infrastructure.

Although Australian companies were hit “quite substantially less than the rest of the world,” O'Donohoe said, “there’s been a change in behaviour. Networks now are a business enablement tool rather than just a compliance engine – and so now companies are now only really investing where the need is, rather than to make sure it’s standard across the entire network.”

This approach had driven many companies to extend the life of their assets as long as possible, rather than upgrading them.

“Over the last couple of years we've seen an acceptance to sweat the asset rather than make sure they’re all up to the latest specification,” O'Donohoe said. “However, over the last 12 months we’ve seen more and more change inside the (network) environment based on the need for business agility.”

The strategy was expected to improve network resilience – however, it’s not clear how well it has worked.

NTT Group’s 2014 global threat intelligence report, released last month, found that 76 per cent of vulnerabilities detected in organisations were at least two years old while 9 per cent were at least 10 years old.

Given that the study dealt only with vulnerabilities carrying high threat scores, NTT Group wrote that the finding “should be cause for significant concern about the effectiveness of patch management solutions”.

Banks and other financial institutions continued to be the industry sector most frequently targeted by hackers, accounting for nearly 18 per cent of all attacks NTT Group's analysis detected in 2014.

Attacks against professional services were on the rise.

There was a bright spot for organisations, with NTT Group finding that the number of DDoS attacks it was called to respond to fell to 18 per cent in 2014 – nine per cent less than 2013.

Yet any relief may be short-lived: responses to malware threats increased by the same margin, to account for 52 per cent of incidents. This suggests that attackers are changing their attack patterns rather than reducing them.

This article is brought to you by Enex TestLab, content directors for CSO Australia.
