Organisations are risking breaches of data by not adhering to standard industry security practices according to a new report by the UK's Information Commissioner's Office (ICO).
According to the ICO, many such incidents have been serious breaches that have resulted in fines being issued to the organisations at fault.
Vulnerabilities
The top eight security vulnerabilities at organisations outlined by the ICO report are:
- Failure to keep software security up to date
- Lack of protection from SQL injection
- Use of unnecessary services
- Poor decommissioning of old software and services
- Insecure storage of passwords
- Failure to encrypt online communications
- Poorly designed networks processing data in inappropriate areas
- Continued use of default credentials including passwords
"While these security issues may seem complex, it is important that organisations of all sizes have a basic understanding of these types of threats and know what action they need to take to make sure their computer systems are keeping customers' information secure," said the ICO's Group Manager for Technology Simon Rice. "Our experiences investigating data breaches on a daily basis shows that whilst some organisations are taking IT security seriously, too many are failing at the basics."