We have moved to www.moremag.pk For latest Telecom & IT news please click Here
IBM today released results from its annual X-Force 2010 Trend and Risk Report, highlighting that public and private organizations around the world faced increasingly sophisticated, customized IT security threats in 2010.
Based on the intelligence gathered through research of public vulnerability disclosures, and the monitoring and analysis of more than 150,000 security events per second every day of 2010, key observations from the X-Force Research team include:
* IBM documented more than 8,000 new vulnerabilities, a 27 percent rise from 2009. Public exploit releases were also up 21 percent from 2009 to 2010. This data points to an expanding threat landscape in which sophisticated attacks are being launched against increasingly complex computing environments.
* The historically high growth in spam volume leveled off by the end of the year. This indicates that spammers may be seeing less value from increasing the volume of spam, and instead are focused on making sure it is bypassing filters.
* While overall there were significantly fewer phishing attacks relative to previous years, “spear phishing,” a more targeted attack technique, grew in importance in 2010, This further indicates that cyber criminals have become more focused on quality of attacks, rather than quantity.
* As end user adoption of smart phones and other mobile devices increases, IT security departments have struggled to determine the right way to bring these devices safely into corporate networks. Although attacks against the latest generation of mobile devices were not yet widely prevalent in 2010, X-Force data shows a rise in vulnerability disclosures and exploits that target these devices.
“From Stuxnet to Zeus Botnets to mobile exploits, a widening variety of attack methodologies is popping up each day, ” said Tom Cross, threat intelligence manager, IBM X-Force. “The numerous, high profile targeted attacks in 2010 shed light on a crop of highly sophisticated cyber criminals, who may be well-funded and operating with knowledge of security vulnerabilities that no one else has. Staying ahead of these growing threats and designing software and services that are secure from the start has never been more critical.”
In conjunction with this year’s report, IBM is launching the IBM Institute for Advanced Security in Europe to combat growing security threats in Europe. The report states that in 2010, nearly a quarter of all financial phishing emails targeted banks located in Europe. It also identifies the UK, Germany, Ukraine and Romania among the top 10 countries sending spam in 2010. This Institute joins its predecessor in Washington, D.C., focused on US clients.
A new section in the X-Force Trend & Risk Report is dedicated to the security trends and best practices for the emerging technologies of mobile devices and cloud computing.
Cloud Computing – The report highlights a shift in perception about cloud security as adoption evolves and knowledge around this emerging technology increases. Since security is still considered an inhibitor to cloud adoption, cloud providers must earn their customers’ trust by providing an infrastructure that is secure by design and has purpose built security capabilities that meet the needs of the specific applications their subscribers are moving into the cloud. As more sensitive workloads move into the cloud, the security capabilities in the cloud will become more sophisticated to accommodate them. Over time, IBM predicts the market will drive the cloud toward providing access to security capabilities and expertise that is more cost effective than in-house implementations. This may turn questions about cloud security on their head by making an interest in better security a driver for cloud adoption, rather than an inhibitor.
Mobile Devices — Organizations are increasingly concerned about the security implications of personally-owned mobile devices brought by employees into the enterprise. Enterprises must ensure control of their data regardless of where it is, including employee-owned or business-issued smartphones. In 2010, X-Force documented increases in the volume of vulnerabilities disclosed in mobile devices as well as the disclosure of exploits that target them. The desire to “jailbreak” or “root” mobile devices has motivated the distribution of mature exploit code that has been reused in malicious attacks. Nevertheless, malware is not yet common on the latest generation of mobile devices and most IT professionals view the data that can be stored on them and how that can be misused or lost as the main security threats associated with these devices. According to the X-Force Report, best practices for mobile security are evolving with enhanced password management and data encryption capabilities.
