Ping & People

Dominic Monkhouse

Subscribe to Dominic Monkhouse: eMailAlertsEmail Alerts
Get Dominic Monkhouse via: homepageHomepage mobileMobile rssRSS facebookFacebook twitterTwitter linkedinLinkedIn


Many Firms 'Offer Confidential Details' Online

Many corporate websites could be inadvertently exposing information that can allow access to hackers.

This is according to research conducted by KPMG, which revealed there are several common errors businesses make when hosting corporate websites. In fact, 15 per cent of companies on the Forbes 2000 list of enterprises offer hackers the ability to access private login portals or test features. As well as potentially giving access to criminals people could upload malware via these vulnerabilities.

One of the most common issues was found to be temporary files, which sometimes reveal useful information about a website that hackers could exploit. KPMG found 553 occurrences of this during its study. This was followed by data folders containing backups of client or corporate data, while .txt files with system configuration information were also often left accessible to hackers.

The firm noted the sectors that appear to be most vulnerable to these issues include insurance companies, diversified financials and banking corporations.

KMPG's research also revealed many businesses may be at risk because they are using outdated IT solutions. 16 per cent of Forbes 2000 firms are putting their corporate web servers at risk of attack because they have not installed the latest security patches, or are using old server software.

The company explained: "When accessing a website the web server often reveals its software version, which is typically hidden from a web browser's view. Information leakage in these web banner software versions can prove to be of significant value to an attacker when profiling a remote target site and server."

Firms using Apache software were found to be most at risk, with eight per cent of these servers potentially vulnerable. As this technology is used by 30 per cent of Forbes 2000 brand websites, many companies around the world could be in danger. This was followed by Microsoft servers, which are used by 26 per cent of firms. KPMG found six per cent of these are in danger.

KPMG observed the potential consequences of running unpatched versions of web server software may be serious and wide-ranging. A successful hack could range from a Distributed Denial of Service attack that knocks a website offline to a hacker being able to take complete control of the web server and its contents.

However, KPMG also revealed that many senior personnel at companies are ignorant of the risks posed by cyber attacks. But while many bosses may assume such matters are only an issue for IT departments, it was stated security is a concern that needs to be dealt with from the very top of a corporation.

Head of information protection and business resilience at KPMG Stephen Bonner said: "It may be tempting to allow IT to dictate cyber strategy, but to do so is to delegate responsibility for the business' whole security, as well as that of every customer and supplier."

Mr Bonner added this is a "cardinal sin" and a "dereliction of duty" for boards, who must make sure they are involved with security and understand the potential implications of neglecting this area.

More Stories By Dominic Monkhouse

Dominic Monkhouse joined PEER 1 Hosting as managing director of the company's new UK operations in January, 2009, bringing more than 14 years of IT industry experience to the team. He is the key executive responsible for building and growing PEER 1 Hosting's expansion into Europe. In his role as managing director, Dominic is responsible for sales, marketing and service delivery across PEER 1 Hosting's UK business and ensuring overall customer satisfaction. His role is integral to the company's continued commitment to customer service.

Before joining PEER 1 Hosting, Dominic served as managing director of IT Lab, where he was able to quickly transform the company into the fastest growing IT service provider in the UK SME market. Prior to IT Lab, he was managing director of Rackspace, which grew from a staff of four to 150 under his guidance.

Dominic has a Bachelor of Science in Agricultural and Food Marketing from Newcastle University and a MBA from Sheffield Business School in the UK. He frequently participates in public speaking events on the topic of creating great places to work and achieving continuous client satisfaction. He also is involved as a judge of the Sunday Times Customer Experience Awards.