Enterprising Developments

IT Security Making Strides, But Don't Let Your Guard Down

Joe McKendrick
Insurance Experts' Forum, April 3, 2012

The good news out of IBM’s annual “X-Force” report, which covers enterprise security, is that companies are really starting to tighten up their operations to lock down sensitive data and keep out online intruders. Of course, attackers, like cockroaches, are quickly adapting and figuring out new ways to crawl under the walls.

The report revealed a 50-percent decline in spam email in 2011 when compared to 2010 and more diligent patching of security vulnerabilities by software vendors, with only 36 percent of software vulnerabilities remaining unpatched in 2011 compared to 43 percent in 2010. There's also reportedly higher quality of software application code—as seen in web-application vulnerabilities called cross-site scripting—half as likely to exist in clients’ software as they were four years ago.

The IBM X-Force 2011 Trend and Risk Report is based on research regarding public vulnerability disclosure findings from more than 4,000 companies, as well as IBM's monitoring and analysis of an average of 13 billion events daily in 2011.

The report uncovers a rise in emerging attack trends including mobile exploits, automated password guessing and a surge in phishing attacks. An increase in automated shell command injection attacks against web servers may be a response to successful efforts to close off other kinds of web application vulnerabilities.

New technologies such as mobile and cloud computing continue to create challenges for enterprise security, as found by the IBM researchers:

“Bring your Own Device” in the enterprise: IBM X-Force reported a 19-percent increase over the prior year in the number of exploits publicly released that can be used to target mobile devices. “There are many mobile devices in consumers' hands that have unpatched vulnerabilities to publicly released exploits, creating an opportunity for attackers. IT managers should be prepared to address this growing risk.”

Social media in the enterprise: IBM X-Force observed a surge in phishing emails impersonating social media sites. More sophisticated attackers have also taken notice. “The amount of information people are offering in social networks about their personal and professional lives has begun to play a role in pre-attack intelligence gathering for the infiltration of public and private sector computing networks.”

Cloud computing in the enterprise: “IT security staff should carefully consider which workloads are sent to third-party cloud providers and what should be kept in-house due to the sensitivity of data. “Careful consideration should be given to ownership, access management, governance and termination when crafting service-level agreements. The IBM X-Force report encourages cloud customers to take a lifecycle view of the cloud deployment and fully consider the impact to their overall information security posture.”

Bear in mind that while the IBM report addresses these areas as opening up enterprises to outside threats, inside threats may be even more pervasive. Even private cloud, which appears safer in terms of data security, may open up access to sensitive data to unauthorized parties within the walls of enterprises.

Joe McKendrick is an author, consultant, blogger and frequent INN contributor specializing in information technology.

Readers are encouraged to respond to Joe using the “Add Your Comments” box below. He can also be reached at joe@mckendrickresearch.com.

This blog was exclusively written for Insurance Networking News. It may not be reposted or reused without permission from Insurance Networking News.

The opinions of bloggers on www.insurancenetworking.com do not necessarily reflect those of Insurance Networking News.

Comments (0)

Be the first to comment on this post using the section below.

Add Your Comments...

Already Registered?

If you have already registered to Insurance Networking News, please use the form below to login. When completed you will immeditely be directed to post a comment.

Forgot your password?

Not Registered?

You must be registered to post a comment. Click here to register.

Blog Archive

The Apple Bounce: Are Wearables Truly this Big?

I just donít believe it; only 720,000 Androidwear watches were sold in 2014. Apple has been amazingly successful in so many markets. Were they always first? No, a lot of products before. Were they always best? Again, no, superior devices have fallen.

Ten Stats About Social, Mobile, Analytics, Big Data, Cloud and Digital

Deployment rates have grown in the year since Novaricaís last study on these topics.

How Quote Data Can Deliver Powerful Business Insights

Quote data often is disregarded due to its volume, but properly managed can offer insights into product and pricing strategy, expense control, cross selling and upselling.

Trends in P&C and L/H/A Policy Administration Systems

Novarica research shows that nearly 40 percent of P&C and life/health/annuity carriers are currently replacing or planning to replace a policy administration system.

Product Configurators: Moving Insurers toward Self-Sufficiency

Insurers may like a vendorís full service model for updating policy content rules, but they donít want to be held captive if the vendor doesnít offer fast speed-to-market.

Insurers: Let's Be The Best

I donít like when insurance companies are hectored by people inside or outside of the industry about how they arenít innovative. Many insurers are leading the way in gleaning real results from emerging technology disciplines, including big data, analytics, mobile technology, and telematics.