C5 Alliance is warning local businesses that their networks might not be properly configured, leaving them open to security threats.
The advice follows the publication of the Cisco 2015 Annual Security Report which highlighted that while businesses might intend to manage their network security actively, in practice it is being neglected.
Matt Ferbrache, head of technical solutions at C5 Alliance in Guernsey and the island’s only qualified CCIE (Cisco Certified Internetworking Expert), said that during audits of local businesses he has repeatedly discovered networking vulnerabilities which could spell serious problems.
“Although it is not always easy for businesses to detect these types of issues, many networks I encounter are running out of date software, don’t comply with best practices and aren’t optimised for high performance.
“Often technologies such as spanning-tree and quality of service, which form part of the networks capability to control its traffic effectively, are never configured during installation. It’s understandable that a business, and even its IT department, might assume that everything is in order and secure.”
Mr Ferbrache said the security risks posed by misconfigured networks should be considered as much of a concern as software bugs and other exploits that are more widely publicised. The recent cyberattacks on the US Office of Personnel Management, for example, were network breaches caused by inattention to network security.
“It really is a growing concern for IT professionals. There is a plug-in and walk away mentality and networks are becoming increasingly open to attack, something malicious hackers are all too aware of.“The risks are potentially severe, including leakage of sensitive company data, unauthorised access, denial of service and even malware attacks and damage to corporate resources such as defacing the company website.
“We would strongly urge any business that isn’t completely certain of their network’s resilience to get in touch with an IT professional and consider having a network security audit and regular testing of their systems,” said Mr Ferbrache.