Enterprising Developments

IT Security Making Strides, But Don't Let Your Guard Down

Joe McKendrick
Insurance Experts' Forum, April 3, 2012

The good news out of IBM’s annual “X-Force” report, which covers enterprise security, is that companies are really starting to tighten up their operations to lock down sensitive data and keep out online intruders. Of course, attackers, like cockroaches, are quickly adapting and figuring out new ways to crawl under the walls.

The report revealed a 50-percent decline in spam email in 2011 when compared to 2010 and more diligent patching of security vulnerabilities by software vendors, with only 36 percent of software vulnerabilities remaining unpatched in 2011 compared to 43 percent in 2010. There's also reportedly higher quality of software application code—as seen in web-application vulnerabilities called cross-site scripting—half as likely to exist in clients’ software as they were four years ago.

The IBM X-Force 2011 Trend and Risk Report is based on research regarding public vulnerability disclosure findings from more than 4,000 companies, as well as IBM's monitoring and analysis of an average of 13 billion events daily in 2011.

The report uncovers a rise in emerging attack trends including mobile exploits, automated password guessing and a surge in phishing attacks. An increase in automated shell command injection attacks against web servers may be a response to successful efforts to close off other kinds of web application vulnerabilities.

New technologies such as mobile and cloud computing continue to create challenges for enterprise security, as found by the IBM researchers:

“Bring your Own Device” in the enterprise: IBM X-Force reported a 19-percent increase over the prior year in the number of exploits publicly released that can be used to target mobile devices. “There are many mobile devices in consumers' hands that have unpatched vulnerabilities to publicly released exploits, creating an opportunity for attackers. IT managers should be prepared to address this growing risk.”

Social media in the enterprise: IBM X-Force observed a surge in phishing emails impersonating social media sites. More sophisticated attackers have also taken notice. “The amount of information people are offering in social networks about their personal and professional lives has begun to play a role in pre-attack intelligence gathering for the infiltration of public and private sector computing networks.”

Cloud computing in the enterprise: “IT security staff should carefully consider which workloads are sent to third-party cloud providers and what should be kept in-house due to the sensitivity of data. “Careful consideration should be given to ownership, access management, governance and termination when crafting service-level agreements. The IBM X-Force report encourages cloud customers to take a lifecycle view of the cloud deployment and fully consider the impact to their overall information security posture.”

Bear in mind that while the IBM report addresses these areas as opening up enterprises to outside threats, inside threats may be even more pervasive. Even private cloud, which appears safer in terms of data security, may open up access to sensitive data to unauthorized parties within the walls of enterprises.

Joe McKendrick is an author, consultant, blogger and frequent INN contributor specializing in information technology.

Readers are encouraged to respond to Joe using the “Add Your Comments” box below. He can also be reached at joe@mckendrickresearch.com.

This blog was exclusively written for Insurance Networking News. It may not be reposted or reused without permission from Insurance Networking News.

The opinions of bloggers on www.insurancenetworking.com do not necessarily reflect those of Insurance Networking News.

Comments (0)

Be the first to comment on this post using the section below.

Add Your Comments...

Already Registered?

If you have already registered to Insurance Networking News, please use the form below to login. When completed you will immeditely be directed to post a comment.

Forgot your password?

Not Registered?

You must be registered to post a comment. Click here to register.

Blog Archive

Don’t Wrap Your Organization Too Tight With Metrics

Metrics provide a picture of how business is going, and systems are performing. But do they provide the right picture?

Insurance: The Original Shared Economy

Insurers should look to revisit the roots of the insurance process.

The Seven Flavors of Virtualization

There is no one single form of virtualization rather, different parts of the IT infrastructure require different approaches.

Can New Technology Turn Older Cars into Safer Cars?

Unless you have the means and motivation to buy a new car every year, your newest car is quickly about to become an older car.

What if Someone Kickstarted an Insurance Company

Our industry is evolving and implementing new innovations, particularly focusing on the customer experience, including the web and mobile.

The Transformative CIO

Today's technology leaders are expanding well beyond their traditional role.