The nature of IT security in 2011 shows evolution at work. While some positive trends and improvements have emerged in thwarting security vulnerabilities, attackers’ methods continued to adapt.
Issued today, the 2011 IBM X-Force Report shows surprising improvements in several areas of security, such as a reduction in application security vulnerabilities, exploit code and spam. As a result, the report suggests, attackers today are being forced to rethink their tactics by targeting more niche IT loopholes and emerging technologies such as social networks and mobile devices.
IBM issues the X-Force report annually to describe the state of security globally and the top threats facing clients. The report is based on the monitoring and analysis of an average of 13 billion events daily in 2011 and intelligence from across IBM’s security services.
Some examples of what we saw that indicate how threats are evolving:
- While the number of SQL Injection vulnerabilities in publicly maintained web applications dropped by 46 percent this year, more specialty attacks targeting Shell Command Injection vulnerabilities have risen 2 to 3 times since 2010.
- While traditional email spam decreased by 50 percent, there was an increase in phishing attacks that impersonate social networking sites and mail parcel services to entice victims to click on links to web pages that may try to infect their PCs with malware.
- New technologies such as mobile devices are creating new avenues of opportunity for attacks and new challenges for security pros. There was a 19 percent increase in the number of publicly released exploits that can be used to target mobile devices, which are increasingly tapping into enterprise information through Bring Your Own Device or “BYOD” programs.
In our X-Force 2011 Mid-year Trend and Risk Report we identified ten steps that X-Force would suggest taking to mitigate some of the attacks that have happened this year. None of the steps we suggested is a groundbreaking revelation for IT security pros. The challenge is not knowing what to do, but executing consistently across a complex, decentralized organization. For a security program to be successful, it must have the resources, political support, and institutional respect needed to ensure compliance with best practices throughout the organization. Achieving that level of effectiveness is the true challenge of IT security leadership.
To view the full report and to learn more about how to make your enterprise more secure, please visit www.ibm.com/security/xforce.