Over the past year, the IT security space has had numerous mainstream headlines. From the discovery of sophisticated toolkits with ominous names like Flame to cross-platform zero-day vulnerabilities, both consumers and corporations were inundated with advisories and alerts regarding emerging threats. The frequency of data breaches and incidents—which had already hit a new high in 2011—continued their upward trajectory.
(Read more: 5 easy ways to build your personal brand !)
- At the mid-year of 2012, we predicted that the explosive nature of attacks and security breaches seen in the first half would continue. Indeed this was the case.
(Read more: How to write a great article in less than 30 mins )
- While talk of sophisticated attacks and widespread distributed denial-of-service (DDoS) attempts made the year’s headlines, a large percentage of breaches relied on tried and true techniques such as SQL injection. What continues to be clear is that attackers, regardless of operational sophistication,will pursue a path-of-least-resistance approach to reach their objectives.
>> Download the Complete Report
- Integration of mobile devices into the enterprise continues to be a challenge. In the previous report,we looked at some of the pitfalls and perils of implementing BYOD programs without strict formulations of policy and governance to support the use of these devices. That said, recent developments have indicated that while these dangers still exist,we believe mobile devices should be more secure than traditional user computing devices by 2014.
- While this prediction may seem far fetched on the surface, it is based on security control trends
and requirements that are being driven into the market by knowledgeable security executives. In this report, we explore how security executives are advocating the separation of personas or roles on employee-owned devices. We also discuss some secure software mobile application development initiatives that are taking place today.
(Watch more : 3 causes of stress which we are unaware of !)
- The distribution and installation of malware on end-user systems has been greatly enabled by the use of Web browser exploit kits built specifically for this purpose. Exploit kits first began to appear in 2006 and are provided or sold by their authors to attackers that want to install malware on a large number of systems.They continue to be popular because they provide attackers a turnkey solution for installing malware on end-user systems. Java vulnerabilities have become a key target for exploit kits as attackers take advantage of three key elements: reliable exploitation, unsandboxed code execution, and cross-platform availability across multiple operating systems. Java exploits have become key targets in 2012 and IBM X-Force predicts this attack activity to continue into 2013.
>> Download the Complete Report
- As we reported in the mid-year, spam volume remained nearly flat in 2012, with India claiming the top country of origin for spam distribution, but the nature of spam is changing. Broadly targeted phishing scams, as well as more personalized spear-phishing efforts continue to fool end users with crafty social-engineering email messages that look like legitimate businesses. Also, fake banking alerts and package delivery service emails have been effective as attackers refine their messages to look like the authentic messages that customers might normally receive. Whether the target is individuals or the enterprise, once again, we remind readers that many breaches were a result of poorly applied security fundamentals and policies and could have been mitigated by putting some basic security hygiene into practice.
- Web applications are still topping the chart of most disclosed vulnerabilities, rising 14% in 2012 over the 2011 end of year numbers. As reported earlier in the mid-year report, cross-site scripting (XSS) dominated the web vulnerability disclosures at 53% of all publicly released vulnerabilities. Although SQL injection attack methods remain as a top attack technique, the actual disclosures of new SQL injection vulnerabilities remain lower than the 2010 peak we recorded.
More: Want to share your insights? Click here to write an article at CISO Platform
- Social media has changed our lives with new ways to connect, personally and professionally. From this constant availability of information about individuals, attackers can readily access data to use in their activities. Now, more than ever, individual employees who share personal details in their social profiles can be targeted for attacks.
>> Download the Complete Report
IBM COMPLIMENTARY SECURITY HEALTH SCAN!
Comments