Enterprising Developments

State of IT Security

Joe McKendrick
Insurance Experts' Forum, September 30, 2011

IBM released the results of its latest “X-Force” report, which regularly looks at online security threats from across the planet. There's bad news and good news.

The bad news is, unfortunately, attackers seem to be getting smarter. The good news is we're getting smarter as well.

This year, the big threat is something called “whaling,” a scaled-up version of “phishing.” Put your executives on notice, as whaling targets high-level people in highly visible organizations—ripe targets for stealing sensitive data.

Whaling is a type of spear phishing that targets “big fish.” These targeted attacks are often launched after careful study of a person’s online profiles has armed an attacker with the information needed to create a compelling phishing email that the victim will be fooled into opening.

In addition, there's more of what IBM calls “Advanced Persistent Threats,” coming from teams of professional attackers motivated by a desire to collect strategic intelligence. They have been able to gain and maintain access to critical computer networks through a combination of stealth, sophisticated technical capabilities and careful planning.

The other threat zone is in mobile, the report observes. The many smartphones and tablets being brought into the enterprise are threatening the security of corporate networks. The study projects that 2011 will see twice the number of exploit releases that occurred in 2010. X-Force has observed that many mobile phone vendors do not rapidly push out security updates for their devices. In addition, there has been a rise in the amount of malicious software targeting mobile phones, often distributed through third-party app markets.

So now the bad news is out of the way; on to the good news. For example, the X-Force study reports, “the first half of 2011 saw an unexpected decrease in web application vulnerabilities, from 49 percent of all vulnerability disclosures down to 37 percent.” This is the first time in five years there has been a decrease in such issues.

Browsers have gotten better as well. High and critical vulnerabilities in web browsers were at their lowest point since 2007, despite an increasingly complex browser market, the report notes. Plus, with major botnet operators being taken down and put off-line by law enforcement officials, the report shows a declining trend in spam and more traditional phishing tactics.

And, here's some really good news: spam is on the wane. After years of consistent spam growth until the middle of 2010, there has been a significant decline in spam volumes in the first half of this year.

Joe McKendrick is an author, consultant, blogger and frequent INN contributor specializing in information technology.

Readers are encouraged to respond to Joe using the “Add Your Comments” box below. He can also be reached at joe@mckendrickresearch.com.

This blog was exclusively written for Insurance Networking News. It may not be reposted or reused without permission from Insurance Networking News.

The opinions of bloggers on www.insurancenetworking.com do not necessarily reflect those of Insurance Networking News.
