If you’re getting the feeling that your IT staff is spending more time than ever patching software because of security issues, you’re probably right.
The latest X-Force security report from IBM shows that 2010 had the largest number of security vulnerabilities, 8,562 to be exact, in history. That’s a 29 percent increase over 2009. But worse yet, the severity of those vulnerabilities is increasing, while the amount of time it takes for hackers to exploit them is decreasing.
Unfortunately, the IBM report also shows that by the end of 2010, 44 percent of all the vulnerabilities disclosed had yet to be patched. No doubt many of those vulnerabilities are now being patched in 2011, but Tom Cross, IBM X-Force threat intelligence manager, says the report clearly shows the need for continuous security vigilance. That may mean a move to rely on a security service because IT organizations can no longer keep pace with all the vulnerabilities that can now manifest themselves on a number of platforms.
The IBM report makes it clear that the vast majority of the vulnerabilities being disclosed affect Web applications, which in 2010 were particularly prone to attacks being made through either Adobe PDF and Flash vulnerabilities or SQL Injection and Cross-Site Request Forgery attacks. Regardless of the method, the report notes that 49 percent of vulnerabilities disclosed in 2010 affected Web applications.
Some would say that the increase in vulnerability disclosures represents progress in terms of making our systems more secure. But others would argue that it highlights deeply flawed application development processes that result in huge post-production deployment costs that are pushed onto customers.
The good news is that there has been progress in terms of combating spam and phishing, but the report does acknowledge that this may be as much a result of the purveyors of malware deciding to opt for more efficient mechanisms for delivering payloads. For instance, while there were some high-profile takedowns of botnets in 2010, overall botnet activity began to rise again by the end of the year. That suggests that the builders of malware have created new, more efficient ways of automating the delivery of malware.
No matter how you look at it, security management is getting more complex with each passing day. The question that IT organizations need to ask themselves is given the ever-increasing attack surface that needs to be defended, can they really afford to go it alone anymore? Odds are that the answer is going to require higher levels of security automation just to keep pace with the sophisticated attack methods that the bad guys are using.
Ten Apple Apps for BusinessApple apps to help increase business productivity.
Top Eight Features in Windows Server 8 Windows Server 8 is a technically sophisticated operating system that is crammed with features that bring many previously enterprise-only capabilities to small and mid-sized businesses.
Seven Points CIOs Must Know About the Board of Directors Seven areas that CIOs must understand and act upon in order to effectively work with the board.
Whaling is a type of spearphishing targeting "big fish" in an organization with access to sensitive, highly-valuable information. ... More >>
Five common failures companies make when preparing for, and responding to, a data breach, as well as guidance for companies on how they can tackle these issues. ... More >>
Incorporating security capabilities such as encryption, better control and management and a data security framework will help alleviate the burden breaches place on the organization and people's lives. ... More >>