UK government 'exposed to hackers'

Lax security in email servers is putting the UK government at risk of cyber attack, according to a study released today by security firm, NTA Monitor.

The study found that many government email servers are running software packages with known security flaws. NTA Monitor sent emails to all organisations with addresses ending in .gov.uk, and identified 345 live email servers. From these tests, the company determined what software the boxes are running.

They found that 31 per cent were using early versions of software with known security problems.

The issue is that most IT departments are not keeping up to date with software upgrades and patches, according to NTA's security services manager, Deri Jones.

Noting that 45 per cent of government organisations running Microsoft Exchange are running flawed versions, he explained: "There's nothing intrinsically wrong with Microsoft Exchange. It's entirely down to issuing updated versions and patches. A lot of security isn't rocket science, it's about due care and attention."

Jones declined to say which departments are the worst offenders, but he said the results from the government are no worse than he has seen in the private sector. "It highlights the fact that a lot of government organisations aren't taking good enough care of their security," he said.

"One area of security can undermine all your good efforts in other areas. Even a good firewall won't protect you if you're running an insecure mail server."