IBM Corp. recently released the results of its X-Force 2013 Mid-Year Trend and Risk Report that reveals Chief Information Security Officers (CISO’s) must increase their knowledge of the evolving vulnerability and attack landscape such as...
October 3, 2013
IBM Corp. recently released the results of its X-Force 2013 Mid-Year Trend and Risk Report that reveals Chief Information Security Officers (CISO’s) must increase their knowledge of the evolving vulnerability and attack landscape such as mobile and social technologies, to more effectively combat emerging security threats.
“For CISO’s, it is no surprise that tried and true attack tactics can cause the most damage to an enterprise,” the company said in a release. “Known vulnerabilities left unpatched in Web applications and server and endpoint software, create opportunities for attacks to occur.
“These unpatched applications and software continue to be facilitators of breaches year after year. However, the latest X-Force report also recognizes that attackers are improving their skills, which allows them to increase their return on exploitation.”
The insights are grouped into the following areas where X-Force analyzed trends in attack behaviors:
* Social Media: A tool for business, reconnaissance, and attacks
* Poisoning the Watering Hole: Compromising a central strategic target
* Distraction and Diversion: Attackers amplify DDoS as a distraction to breach other systems
In the first six months of 2013, IBM X-Force was able to:
* Analyze 4,100 new security vulnerabilities
* Scan 900 Million new Webpages and images
* Create 27 Million new or updated entries in the IBM web filter database
* Insert 180 Million new, updated, or deleted signatures in the IBM spam filter database
IBM X-Force expects to see applications of social engineering become more sophisticated as “attackers create complex internetworks of identities while refining the art of deceiving victims. Technology advancements and controls are available, best practices continue to be refined and taught, but ultimately the trust the user believes they have may circumvent anything security practitioners put in place.”