Enterprising Developments

IT Security Making Strides, But Don't Let Your Guard Down

Joe McKendrick
Insurance Experts' Forum, April 3, 2012

The good news out of IBM’s annual “X-Force” report, which covers enterprise security, is that companies are really starting to tighten up their operations to lock down sensitive data and keep out online intruders. Of course, attackers, like cockroaches, are quickly adapting and figuring out new ways to crawl under the walls.

The report revealed a 50-percent decline in spam email in 2011 when compared to 2010 and more diligent patching of security vulnerabilities by software vendors, with only 36 percent of software vulnerabilities remaining unpatched in 2011 compared to 43 percent in 2010. There's also reportedly higher quality of software application code—as seen in web-application vulnerabilities called cross-site scripting—half as likely to exist in clients’ software as they were four years ago.

The IBM X-Force 2011 Trend and Risk Report is based on research regarding public vulnerability disclosure findings from more than 4,000 companies, as well as IBM's monitoring and analysis of an average of 13 billion events daily in 2011.

The report uncovers a rise in emerging attack trends including mobile exploits, automated password guessing and a surge in phishing attacks. An increase in automated shell command injection attacks against web servers may be a response to successful efforts to close off other kinds of web application vulnerabilities.

New technologies such as mobile and cloud computing continue to create challenges for enterprise security, as found by the IBM researchers:

“Bring your Own Device” in the enterprise: IBM X-Force reported a 19-percent increase over the prior year in the number of exploits publicly released that can be used to target mobile devices. “There are many mobile devices in consumers' hands that have unpatched vulnerabilities to publicly released exploits, creating an opportunity for attackers. IT managers should be prepared to address this growing risk.”

Social media in the enterprise: IBM X-Force observed a surge in phishing emails impersonating social media sites. More sophisticated attackers have also taken notice. “The amount of information people are offering in social networks about their personal and professional lives has begun to play a role in pre-attack intelligence gathering for the infiltration of public and private sector computing networks.”

Cloud computing in the enterprise: “IT security staff should carefully consider which workloads are sent to third-party cloud providers and what should be kept in-house due to the sensitivity of data. “Careful consideration should be given to ownership, access management, governance and termination when crafting service-level agreements. The IBM X-Force report encourages cloud customers to take a lifecycle view of the cloud deployment and fully consider the impact to their overall information security posture.”

Bear in mind that while the IBM report addresses these areas as opening up enterprises to outside threats, inside threats may be even more pervasive. Even private cloud, which appears safer in terms of data security, may open up access to sensitive data to unauthorized parties within the walls of enterprises.

Joe McKendrick is an author, consultant, blogger and frequent INN contributor specializing in information technology.

Readers are encouraged to respond to Joe using the “Add Your Comments” box below. He can also be reached at joe@mckendrickresearch.com.

This blog was exclusively written for Insurance Networking News. It may not be reposted or reused without permission from Insurance Networking News.

The opinions of bloggers on www.insurancenetworking.com do not necessarily reflect those of Insurance Networking News.

Comments (0)

Be the first to comment on this post using the section below.

Add Your Comments...

Already Registered?

If you have already registered to Insurance Networking News, please use the form below to login. When completed you will immeditely be directed to post a comment.

Forgot your password?

Not Registered?

You must be registered to post a comment. Click here to register.

Blog Archive

Insurance: The Next Generation (Part 2)

The Internet of things and the burgeoning number of smart devices coupled with cognitive computing will offer a more evidence-based, real-time approach to managing risks.

Social Media Turns the Sales Funnel Upside Down

If you can reach one member of a group with content that meets the criteria for contagious content, then they are likely to share with others.

Insurance: The Next Generation (Part 1)

Insurers are at a moment when their technological capabilities can be used to improve many of the legacy issues plaguing the industry.

Predicting the Future Becomes Reality

A recent Big Data experiment showed 70 percent accuracy in predicting crime in certain locales. The implications go far beyond that.

Social Media for Insurers — Stop Counting and Start Measuring

Measuring goes beyond just accumulating fans and followers: it looks at the contribution to business.

Keys to Successful Policy Administration System Upgrades

Celent surveyed 44 North American insurers to find answers to the major challenges of upgrading policy admin systems.