Enterprising Developments

IT Security Making Strides, But Don't Let Your Guard Down

Joe McKendrick
Insurance Experts' Forum, April 3, 2012

The good news out of IBM’s annual “X-Force” report, which covers enterprise security, is that companies are really starting to tighten up their operations to lock down sensitive data and keep out online intruders. Of course, attackers, like cockroaches, are quickly adapting and figuring out new ways to crawl under the walls.

The report revealed a 50-percent decline in spam email in 2011 when compared to 2010 and more diligent patching of security vulnerabilities by software vendors, with only 36 percent of software vulnerabilities remaining unpatched in 2011 compared to 43 percent in 2010. There's also reportedly higher quality of software application code—as seen in web-application vulnerabilities called cross-site scripting—half as likely to exist in clients’ software as they were four years ago.

The IBM X-Force 2011 Trend and Risk Report is based on research regarding public vulnerability disclosure findings from more than 4,000 companies, as well as IBM's monitoring and analysis of an average of 13 billion events daily in 2011.

The report uncovers a rise in emerging attack trends including mobile exploits, automated password guessing and a surge in phishing attacks. An increase in automated shell command injection attacks against web servers may be a response to successful efforts to close off other kinds of web application vulnerabilities.

New technologies such as mobile and cloud computing continue to create challenges for enterprise security, as found by the IBM researchers:

“Bring your Own Device” in the enterprise: IBM X-Force reported a 19-percent increase over the prior year in the number of exploits publicly released that can be used to target mobile devices. “There are many mobile devices in consumers' hands that have unpatched vulnerabilities to publicly released exploits, creating an opportunity for attackers. IT managers should be prepared to address this growing risk.”

Social media in the enterprise: IBM X-Force observed a surge in phishing emails impersonating social media sites. More sophisticated attackers have also taken notice. “The amount of information people are offering in social networks about their personal and professional lives has begun to play a role in pre-attack intelligence gathering for the infiltration of public and private sector computing networks.”

Cloud computing in the enterprise: “IT security staff should carefully consider which workloads are sent to third-party cloud providers and what should be kept in-house due to the sensitivity of data. “Careful consideration should be given to ownership, access management, governance and termination when crafting service-level agreements. The IBM X-Force report encourages cloud customers to take a lifecycle view of the cloud deployment and fully consider the impact to their overall information security posture.”

Bear in mind that while the IBM report addresses these areas as opening up enterprises to outside threats, inside threats may be even more pervasive. Even private cloud, which appears safer in terms of data security, may open up access to sensitive data to unauthorized parties within the walls of enterprises.

Joe McKendrick is an author, consultant, blogger and frequent INN contributor specializing in information technology.

Readers are encouraged to respond to Joe using the “Add Your Comments” box below. He can also be reached at joe@mckendrickresearch.com.

This blog was exclusively written for Insurance Networking News. It may not be reposted or reused without permission from Insurance Networking News.

The opinions of bloggers on www.insurancenetworking.com do not necessarily reflect those of Insurance Networking News.

Comments (0)

Be the first to comment on this post using the section below.

Add Your Comments...

Already Registered?

If you have already registered to Insurance Networking News, please use the form below to login. When completed you will immeditely be directed to post a comment.

Forgot your password?

Not Registered?

You must be registered to post a comment. Click here to register.

Blog Archive

What It Takes to Have a Tech-Savvy Workplace

The tools and technologies to build the next workplace are available, but not common yet in corporate settings.

Avoiding the Bermuda Triangle of Data

Handled poorly, questions around data ownership, data quality and data security can sidetrack big data conversations and alienate business stakeholders.

A Prototype of the Successful Innovation Leader

Celent research reveals the prototype for the successful senior innovation leader.

Global Supply Chain, Local Problem

As a technology provider, your client’s ability to deliver products and services to their customers, when and where they need them, is at the heart of their business success.

Legacy Systems Are Increasingly a Competitive Handicap

Legacy systems, while reliable, increasingly hold insurers back, a new study finds

From Her to Watson, and What’s Next?

Imagine a learning system that can replace the performance of your best employee to provide the same level of support across the organization.