WELCOME TO THE CONTINUITY CENTRAL ARCHIVE SITE

Please note that this is a page from a previous version of Continuity Central and is no longer being updated.

To see the latest business continuity news, jobs and information click here.

Business continuity information

2011 is the ‘Year of the Security Breach’ according to IBM X-Force report

IBM has released the results of its X-Force 2011 Mid-Year Trend and Risk Report, which demonstrates the rapidly changing security landscape characterized by high-profile attacks, growing mobile vulnerabilities and more sophisticated threats such as ‘whaling’. To help clients combat these and other security issues, IBM is opening the Institute for Advanced Security for Asia Pacific, which joins the IBM Institutes in North America and Europe.

The X-Force Mid-Year Trend and Risk Report is based on intelligence gathered through IBM’s research of public vulnerability disclosures as well as the monitoring and analysis of an average of 12 billion security events daily since the beginning of 2011.

Mobile exploits on track to double
Adoption of mobile devices such as smartphones and tablets in the enterprise, including the ‘Bring Your Own Device’ approach, which allows personal devices to access the corporate network, is raising new security concerns. IBM X-Force has documented a steady rise in the disclosure of security vulnerabilities affecting these devices. X-Force research recommends that IT teams consistently employ anti-malware and patch management software for phones in enterprise environments.

Key findings include:

  • X-Force is projecting that the year 2011 will see twice the number of mobile exploit releases that occurred in 2010. X-Force has observed that many mobile phone vendors do not rapidly push out security updates for their devices;
  • Some mobile malware is designed to collect end user’s personal information. This data could then be used in phishing attacks or for identity theft. Mobile malware is often capable of spying on victim's personal communications as well as monitoring and tracking their physical movements via the GPS capabilities common in these phones.

Critical Vulnerabilities Triple in 2011

The X-Force team reports that the percentage of critical vulnerabilities has tripled thus far in 2011. X-Force is declaring 2011 the ‘Year of the Security Breach’ due to the large number of high-profile attacks and network compromises that have occurred this year. There is a cadre of notable emerging threats from this year’s breaches:

  • Teams of professional attackers motivated by a desire to collect strategic intelligence have been able to gain and maintain access to critical computer networks through a combination of stealth, sophisticated technical capabilities and careful planning. These attackers are often referred to as Advanced Persistent Threats (APTs);
  • The success of APTs has raised the profile of ‘whaling,’ a type of spear phishing which targets ‘big fish,’ or those positioned in high levels of an organization with access to critical data. These targeted attacks are often launched after careful study of a person’s online profiles has armed an attacker with the information needed to create a compelling phishing email that the victim will be fooled into clicking on;
  • Attacks from ‘hacktivist’ groups, who targeted web sites and computer networks for political ends rather than just financial gain. Hacktivist groups have been successful in using well known, off-the-shelf attack techniques such as SQL Injection, which is one of the most common attack techniques seen in the Internet; and
  • Anonymous proxies have more than quadrupled in number compared to three years earlier. Anonymous proxies are a critical type of website to track, because they allow people to hide potentially malicious intent.

To access the report after free registration, click here.

•Date: 30th September 2011 • Region: World •Type: Article • Topic: ISM

Business Continuity Newsletter Sign up for Continuity Briefing, our weekly roundup of business continuity news. For news as it happens, subscribe to Continuity Central on Twitter.
   

How to advertise How to advertise on Continuity Central.

To submit news stories to Continuity Central, e-mail the editor.

Want an RSS newsfeed for your website? Click here