Security Slideshow: Enterprise Security Risks, Part 1: By the Numbers

By Dennis McCafferty  |  Posted 09-02-2010

4,396 new vulnerabilities were detected by the IBM X-Force Research and Development Team in first-half 2010 - a 36 percent increase over the same time period last year.

55 percent of those vulnerabilities had no vendor-supplied patch at the end of the research period.

20 percent of all disclosed vulnerabilities in first-half 2010 came from the top ten IT vendors.

94 percent of all vulnerability disclosures in first-half 2010 were remotely exploitable, meaning local access to the system is not required. That's up from 85 percent in 2006.

52 percent of vulnerabilities are "Gain Access" exploitations, meaning the attacker gains complete control over a system and can possibly steal data, manipulate the system and/or launch attacks within.

55 percent of vulnerabilities disclosed are Web-application based.

88 percent of all vulnerabilities affected Web-application plug-ins in first-half 2010, as opposed to the Web-app platform itself.

Pornography/sex Web sites made up 33 percent of all Web sites hosting 10 or more malicious links in first-half 2010 - a clear indication that CIOs must be proactive when it comes to effective filtering of these sites in the workplace.

Gambling sites made up 28 percent of all Web sites hosting 10 or more malicious links in first-half of 2010.

A vast majority (90 percent) of spam is URL-based, meaning the spammer intends for the receiver to click on a URL to view the spam contents.

9.7 percent of all spam e-mails came from computers that were geographically located in the U.S. in first-half 2010.

8.4 percent of all spam emails came from computer networks in Brazil.

Other top geographic locations for spam include: India (8.1 percent), Russia (5.3 percent), Vietnam (4.6 percent) and South Korea (4.1 percent).

The top nation for URL-based spam? China, which accounted for 37.5 percent of such emails.

Other top nations for URL-based spam include: United States (16.6 percent), South Korea (8.9 percent), Moldova (4.7 percent) and Russia (3.4 percent).

Most popular spam subject line? "You have a new personal message," which accounts for .5 percent of spam subject lines.

Other popular spam subject lines include: those advertising replica watches (.44 percent), sales on Pfizer (.4 percent), news on MySpace (.35 percent) and important notices about Google Apps browser support (.35 percent).

Most popular phishing subject line? "Security Alert - Verification of Your Current Details," which accounted for 15.75 percent of phishing subject lines in first-half 2010.
