Security - CIOInsight
Home arrow Security arrow Enterprise Security Risks, Part 2: Behind the Threats

Security Slideshow:
Enterprise Security Risks, Part 2: Behind the Threats

By Dennis McCafferty on 2010-09-02


In Part One of our Enterprise Security Risks feature, CIO Insight presented the results of a remarkably detailed report on enterprise security from IBM. The stats aren’t encouraging: There were nearly 4,400 new vulnerabilities disclosed in first-half 2010, a 36 percent increase over the same time period in 2009. More than half of these incidents had no vendor-supplied patch. Nearly 95 percent of the vulnerabilities can be exploited remotely, with no local system access required. Numbers, however, do not tell the entire story. The research document, titled the IBM X-Force 2010 Mid-Year Trend and Risk Report , goes into significant depth with respect to the "why" behind the numbers – the emerging trends and future developments that could result in an even greater degree of risks for enterprises. For CIOs, the research can serve as a blueprint for the current and future nature of system violations. The report is the result of ongoing, in-depth research by IBM's 3,500-member skilled security services team.

LATEST STORIES
- The 10 Hottest IT Certifications
- Make 8 Popular Performance Tools Work for Yo...
- CIO Careers: Why You Don't Get What You Want
- Ten Enemies of Innovation
- Oracle Taleo Buy Targets SAP, Salesforce.com

BLOGS
 
  • of
Do You Know the Hottest Security "Catch Phrase" of 2010?It's Advanced Persistent Threat (APT), which is an insidious attack from well-funded, state-sponsored intelligence organization.

What's different about APT?APT attackers are more patient than your typical bored Gen Y hacker or financially motivated crook. They're willing to linger within a network for long periods to slowly access information/data, while staying below activity thresholds that would attract attention.

What information do they want?From social-media sites, APT attackers can get a sense of where employees travel and what business is discussed. This helps them identify individuals who have access to the data they seek. A targeted, social-engineering attack often follows.

Six factors contributing to an increase in attacks1. Malware design is better than ever, with rich-feature sets that rival those of commercial software products.

Six factors contributing to an increase in attacks2. Rather than focusing on a single point of entry, threats now aggressively target multiple resources within an enterprise to ensure successful exploitation – every employee and endpoint is a potential point of entry.

Six factors contributing to an increase in attacks3. Sophisticated exploitations combine techniques such as spamming, phishing, malicious URL sending and social engineering.

Six factors contributing to an increase in attacks 4. Employees are also being targeted through documents they use every day – PDF files and office docs.

Six factors contributing to an increase in attacks 5. JavaScript's flexibility allows for optimal obfuscation on the part of attackers. It's relatively easy to "hide" exploitative payloads within the heavily encoded data portions of JavaScript, according to IBM.

Six factors contributing to an increase in attacks6. Through BlackHat search engine "poisoning," cyber-criminals use major news events to get their malicious links at the top of search-engine results pages.

Three future trends that will impact enterprise security1. IPv6: The "new generation Internet" is now supported by the majority of operating systems, but will enterprises transition rapidly enough to avoid the emergence of black markets for IPv4 addresses?

Three future trends that will impact enterprise security2. Virtualization: The virtualization market is $15.2 billion and growing, leading to expanded opportunity for host/Web app/Web server and other vulnerabilities.

Three future trends that will impact enterprise security3. The Cloud: Security continues to be the greatest barrier to adopting cloud-computing tech for IT decision-makers.

  • More slideshows
FEATURED SPONSORED VIDEOS
FEATURED SPONSORED ARTICLES

Erasable E-Paper Saves Trees, Cuts Costs

Why Smart Companies Should Adopt the Lessons of Gaming

Interest in Mobile WiFi Hotspots Fuels New Solutions

A Closer Look at Public Cloud Security

View More Articles

  Brought to You By
Click Here

 

Advertisement
Sponsored Links
  • Get up and running in as quickly as 30 days with BI. Learn how today.

  • FREE Securing Smartphones & Tablets for Dummies Book from Sophos
  • 77% of the Fortune 500 Manage Content Securely with Box.
  • Leverage your virtual computing environment with Dell.
  • Build an IT Infrastructure That Delivers the Future
  • 5 New Technologies That Will Change Enterprise ITAdvertisement
    		•

    CIO Insight:  

    Issue Index | Contact Us | About | Advertise | Magazine Customer Service | Site Map

    Quick Links:  

    Enterprise Mobility Zone | Management Case Studies | Loyalty Programs | Term Sheet | Strategy Maps | Organizational Behavior | Net Present Value Calculator | Link to Us

    eWEEK Quick LInks

    Security:
    Network Security
    Entprise Networking
    Infrastructure Security
    How To: Data
    IT Security News
    Cheap Hack Blog
    Security Watch Blog
    Storage:
    Storage
    Cloud Storage
    Storage Virtualization
    Network Access Storage
    Storage Reviews
    Data Storage News
    How To: Storage
    Storage Station Blog
    Computing:
    Apple OSX
    Linux Systems
    Windows Vista
    Managed Print Services
    Cloud Computing
    PC Reviews
    Microsoft Watch Blog
    Apple Watch Blog
    Google Watch Blog
    Communications:
    VoIP Solutions
    Wireless Technology
    Messaging Software
    Web Services
    Mobile Applications
    Wireless News
    Mobile Reviews
    Apps & Development:
    Application Development
    SAAS
    Search Engines
    Database Software
    Web 2.0
    IT Project Management
    Emerging Tech Blog
    CIO Insight Blogs
    CIOs

    Vertical Markets:
    Federal Government IT
    Health Care IT
    Finance IT
    Mid-Market
    Channel Partners
    Careers Blog
    Value Added Resellers
    More eWeek Links:
    Green Computing
    Tech Knowledge Center
    Tech Newsletters
    Tech RSS Feeds
    White Papers
    Tech Podcasts
    Tech Videos
    Magazine Subscriptions
    Enterprise Websites:
    ZDE Home
    eWeek
    Baseline
    Channel Insider
    CIO Insight
    eSeminars
    eWeek Mid-Market
    Publish Online
    Web Buyers Guide
    Developer Websites:
    Dev Shed
    DeveloperShed
    ASP Free
    MS DevSource
    SEO Chat
    Codewalkers
    Tutorialized
    Scripts.com
    Dev Mechanic
    Dev Articles
    Web Hosters
    Dev Hardware
    Technology Websites:
    Device Forge
    Desktop Linux
    Linux Devices
    Windows for Devices
    TechDirect
    iGrep Search Engine
    PDF Zone
    Linux Watch

    Use of this site is governed by our Terms of Use and Privacy Policy
    Copyright ©1996-2012 Ziff Davis Enterprise Holdings Inc. All Rights Reserved. eWEEK and Spencer F. Katt are trademarks of Ziff Davis Enterprise Holdings, Inc. Reproduction in whole or in part in any form or medium without express written permission of Ziff Davis Enterprise Inc. is prohibited.
    eWeek is your best source for the latest Technology News.
    ZDE Cluster 6