For security officials, the first half of 2012 was marked by intelligence and sophistication – which, when it comes to securing a computer network, are not always positive traits. Yesterday IBM released the results of the X-Force 2012 Mid-Year Trend and Risk Report. The report highlights a sharp increase in browser-related exploits, weaknesses around password security, and growing operational challenges in the adoption of mobile “bring your own device” (BYOD) programs and policies since last year. In fact, half of all the Chief Information Security Officers interviewed indicated that mobile BYOD security is their greatest near-term technology concern.
The continued growth of both persistent and emerging attacks makes it all the more critical for businesses across all industries to bolster their security efforts. As part of ongoing efforts to assist global clients and invest in growth markets, IBM this week announced a new Security Operations Center in Wroclaw, Poland, providing real-time analysis and security notifications that keep businesses ahead of the most pressing and progressively complex security threats.
Here are the major trends we are seeing based on our analysis:
- Back to basics – password security: When you consider the increased number of social networks people participate in – from the more personal ones, to professional sites – email addresses and passwords are the common denominators in managing online identity. In 2012, we’ve seen numerous headlines announcing usernames and passwords pulled from popular sites and posted publicly, and for people who use the same password across multiple accounts, from social sites to corporate logins to banking credentials, this kind of breach can have a dangerous ripple effect. To prevent these problems, end users should implement a password or passphrase that is a combination of words or even an entire sentence, which makes it longer, more complex and therefore more difficult to crack.
- It’s a mobile world: As mobile continues to become more pervasive in our daily lives, cyber criminals are (not surprisingly) following suit, causing mobile security to become the next big IT headache. The good news on this front is that IBM X-Force research found that mobile vulnerabilities and exploits decreased in the first part of 2012 – to the lowest levels since 2008 – likely because developers are investing in security enhancements as well as in in-house discovery of vulnerabilities. However, there are still a number of smartphone users falling victim to SMS (i.e. text message) scams. Many times, these are a direct result of seemingly legitimate applications that actually contain malicious code.
- Playing in the sandbox: On a positive note, the report found that there was a drop in PDF vulnerability disclosures during the first six months of the year, thanks in large part to sandboxing technology. This technology works by isolating an application from the rest of the system, so that if the application is compromised, the attacker code running within it is limited in what it can do and what it can access. However, motivated attackers will always try to find ways to break out of a sandbox – so it’s important to remain vigilant despite this promising new approach.
Continue the conversation at the IBM Institute for Advanced Security site.