The State of Our IT Security Vulnerabilities

Share  
1  |  2  |  3  |  4  |  5  |  6  |  7  |  8  |  9  |  10  |  11  |  12  |  13  |  14  |  15  |  16  |  17  |  18  |  19  |  20  |  21  |  22  |  23  |  24
Previous Next

Click through for results from an IBM security study.

Topics : Unisys, Stimulus Package, Security Breaches, Symantec, Electronic Surveillance

If you’re getting the feeling that your IT staff is spending more time than ever patching software because of security issues, you’re probably right.

The latest X-Force security report from IBM shows that 2010 had the largest number of security vulnerabilities, 8,562 to be exact, in history. That’s a 29 percent increase over 2009. But worse yet, the severity of those vulnerabilities is increasing, while the amount of time it takes for hackers to exploit them is decreasing.

Unfortunately, the IBM report also shows that by the end of 2010, 44 percent of all the vulnerabilities disclosed had yet to be patched. No doubt many of those vulnerabilities are now being patched in 2011, but Tom Cross, IBM X-Force threat intelligence manager, says the report clearly shows the need for continuous security vigilance. That may mean a move to rely on a security service because IT organizations can no longer keep pace with all the vulnerabilities that can now manifest themselves on a number of platforms.

The IBM report makes it clear that the vast majority of the vulnerabilities being disclosed affect Web applications, which in 2010 were particularly prone to attacks being made through either Adobe PDF and Flash vulnerabilities or SQL Injection and Cross-Site Request Forgery attacks. Regardless of the method, the report notes that 49 percent of vulnerabilities disclosed in 2010 affected Web applications.

Some would say that the increase in vulnerability disclosures represents progress in terms of making our systems more secure. But others would argue that it highlights deeply flawed application development processes that result in huge post-production deployment costs that are pushed onto customers.

The good news is that there has been progress in terms of combating spam and phishing, but the report does acknowledge that this may be as much a result of the purveyors of malware deciding to opt for more efficient mechanisms for delivering payloads. For instance, while there were some high-profile takedowns of botnets in 2010, overall botnet activity began to rise again by the end of the year. That suggests that the builders of malware have created new, more efficient ways of automating the delivery of malware.

No matter how you look at it, security management is getting more complex with each passing day. The question that IT organizations need to ask themselves is given the ever-increasing attack surface that needs to be defended, can they really afford to go it alone anymore? Odds are that the answer is going to require higher levels of security automation just to keep pace with the sophisticated attack methods that the bad guys are using.

 

More Slideshows

Security40-190x128 Five Ways Encryption Has (or Hasn't) Changed Since Snowden

Findings from a new study take a closer look at the evolution of encryption, analyzing adoption rates of the technology and the evolution of privacy awareness. ...  More >>

1EVacationTips0x Six Tips for CIOs Preparing for Vacation

With summer officially in full force, it’s not always easy to disconnect from the office, especially if you’re running the IT department. Here are tips that can help provide peace of mind while you're away. ...  More >>

Security39-290x195 Five Critical Steps for Handling a Security Breach

No one can stop all security breaches, but you can take steps to dramatically improve your ability to avoid disaster and mitigate damage. ...  More >>

Subscribe to our Newsletters

Sign up now and get the best business technology insights direct to your inbox.