Security - CIOInsight
Home arrow Security arrow Enterprise Security Risks, Part 1: By the Numbers

Security Slideshow:
Enterprise Security Risks, Part 1: By the Numbers

By Dennis McCafferty on 2010-09-02


In this first installment of our two-part series we look at enterprise security risks for which CIOs should be increasingly on guard. In Part Two , we look at the trends behind the numbers. These figures are excerpted from a mid-year enterprise risk report from IBM, which shows that vulnerability disclosures are up significantly compared to last year. Many of these incidents cannot be mitigated with a patch because none is available. Remote attacks – those which can be launched without prior access to an enterprise system – are now the most popular option for hackers. The complete research document, the IBM Security X-Force 2010 Mid-Year Trend and Risk Report , is the result of ongoing, in-depth analysis by the X-Force Research team. The researchers cull facts from a database of more than 50,000 computer-security vulnerabilities and millions of intrusion events on tens of thousands of managed network sensors worldwide, as well as their Web crawler, spam collectors and other intelligence sources.

LATEST STORIES
- The 10 Hottest IT Certifications
- Make 8 Popular Performance Tools Work for Yo...
- CIO Careers: Why You Don't Get What You Want
- Ten Enemies of Innovation
- Oracle Taleo Buy Targets SAP, Salesforce.com

BLOGS
 
  • of
4,396 new vulnerabilities were detected by the IBM X-Force Research and Development Team in first-half 2010 – a 36 percent increase over the same time period last year.

55 percent of those vulnerabilities had no vendor-supplied patch at the end of the research period.

20 percent of all disclosed vulnerabilities in first-half 2010 came from the top ten IT vendors.

94 percent of all vulnerability disclosures in first-half 2010 were remotely exploitable, meaning local access to the system is not required. That's up from 85 percent in 2006.

52 percent of vulnerabilities are “Gain Access” exploitations, meaning the attacker commands complete control over a system to possibly steal data, manipulate the system and/or launch attacks within.

55 percent of vulnerabilities disclosed are Web-application based.

88 percent of all vulnerabilities affected Web-application plug-ins in first-half 2010, as opposed to the Web-app platform itself.

Pornography/sex Web sites made up 33 percent of all Web sites hosting 10 or more malicious links in first-half of 2010 – a clear indication that CIOs must be pro-active when it comes to effective filtering of these sites in the workplace.

Gambling sites made up 28 percent of all Web sites hosting 10 or more malicious links in first-half of 2010.

A vast majority (90 percent) of spam is URL-based, meaning the spammer intends for the receiver to click on a URL to view the spam contents.

9.7 percent of all spam e-mails came from computers that were geographically located in the U.S. in first-half 2010.

8.4 percent of all spam emails came from computer networks in Brazil.

Other top geographic locations for spam include: India (8.1 percent) Russia (5.3 percent) Vietnam (4.6 percent) South Korea (4.1 percent)

The top nation for URL-based spam?China, which accounted for 37.5 percent of such emails.

Other top nations for URL-based spam include: United States (16.6 percent) South Korea (8.9 percent) Moldova (4.7 percent) Russia (3.4 percent)

Most popular spam subject line?“You have a new personal message,” which accounts for .5 percent of spam subject lines.

Other popular spam subject lines include: Those advertising replica watches (.44 percent) Sales on Pfizer (.4 percent) News on MySpace (.35 percent) Important notices about Google Apps browser support (.35 percent).

Most popular phishing subject line?“Security Alert – Verification of Your Current Details,” which accounted for 15.75 percent of phishing subject lines in first-half 2010.

  • More slideshows
FEATURED SPONSORED VIDEOS
FEATURED SPONSORED ARTICLES

Erasable E-Paper Saves Trees, Cuts Costs

Why Smart Companies Should Adopt the Lessons of Gaming

Interest in Mobile WiFi Hotspots Fuels New Solutions

A Closer Look at Public Cloud Security

View More Articles

  Brought to You By
Click Here

 

Advertisement
Sponsored Links
  • Get up and running in as quickly as 30 days with BI. Learn how today.

  • FREE Securing Smartphones & Tablets for Dummies Book from Sophos
  • 77% of the Fortune 500 Manage Content Securely with Box.
  • Leverage your virtual computing environment with Dell.
  • Build an IT Infrastructure That Delivers the Future
  • 5 New Technologies That Will Change Enterprise ITAdvertisement
    		•

    CIO Insight:  

    Issue Index | Contact Us | About | Advertise | Magazine Customer Service | Site Map

    Quick Links:  

    Enterprise Mobility Zone | Management Case Studies | Loyalty Programs | Term Sheet | Strategy Maps | Organizational Behavior | Net Present Value Calculator | Link to Us

    eWEEK Quick LInks

    Security:
    Network Security
    Entprise Networking
    Infrastructure Security
    How To: Data
    IT Security News
    Cheap Hack Blog
    Security Watch Blog
    Storage:
    Storage
    Cloud Storage
    Storage Virtualization
    Network Access Storage
    Storage Reviews
    Data Storage News
    How To: Storage
    Storage Station Blog
    Computing:
    Apple OSX
    Linux Systems
    Windows Vista
    Managed Print Services
    Cloud Computing
    PC Reviews
    Microsoft Watch Blog
    Apple Watch Blog
    Google Watch Blog
    Communications:
    VoIP Solutions
    Wireless Technology
    Messaging Software
    Web Services
    Mobile Applications
    Wireless News
    Mobile Reviews
    Apps & Development:
    Application Development
    SAAS
    Search Engines
    Database Software
    Web 2.0
    IT Project Management
    Emerging Tech Blog
    CIO Insight Blogs
    CIOs

    Vertical Markets:
    Federal Government IT
    Health Care IT
    Finance IT
    Mid-Market
    Channel Partners
    Careers Blog
    Value Added Resellers
    More eWeek Links:
    Green Computing
    Tech Knowledge Center
    Tech Newsletters
    Tech RSS Feeds
    White Papers
    Tech Podcasts
    Tech Videos
    Magazine Subscriptions
    Enterprise Websites:
    ZDE Home
    eWeek
    Baseline
    Channel Insider
    CIO Insight
    eSeminars
    eWeek Mid-Market
    Publish Online
    Web Buyers Guide
    Developer Websites:
    Dev Shed
    DeveloperShed
    ASP Free
    MS DevSource
    SEO Chat
    Codewalkers
    Tutorialized
    Scripts.com
    Dev Mechanic
    Dev Articles
    Web Hosters
    Dev Hardware
    Technology Websites:
    Device Forge
    Desktop Linux
    Linux Devices
    Windows for Devices
    TechDirect
    iGrep Search Engine
    PDF Zone
    Linux Watch

    Use of this site is governed by our Terms of Use and Privacy Policy
    Copyright ©1996-2012 Ziff Davis Enterprise Holdings Inc. All Rights Reserved. eWEEK and Spencer F. Katt are trademarks of Ziff Davis Enterprise Holdings, Inc. Reproduction in whole or in part in any form or medium without express written permission of Ziff Davis Enterprise Inc. is prohibited.
    eWeek is your best source for the latest Technology News.
    ZDE Cluster 1