A new report into the state of the security industry by IBM has revealed a "surprising" improvement in online safety, but this is just forcing cybercriminal to change their attack method.
Big Blue’s X-Force 2011 Trend and Risk Report revealed a number of improvements in internet security, mostly driven by improvements from the software industry.
Included in these improvements is a drop in unpatched software vulnerabilities, down from 43% in 2010 to 36% in 2011. IBM also claimed there has been an improvement in the quality of software application code, with web-application vulnerabilities half as likely to exist in clients’ software as they were four years ago, the company said.
However as these lines of attack are shut down, IBM says cybercriminals are finding new ways to reach their target. These include phishing attacks launched through social networks, increased efforts to exploit mobile vulnerabilities and automated password guessing.
IBM says that as the adoption of social media platforms and technologies, attackers have focused their efforts in that space. Some use them for pre-attack intelligence gathering, hoping to take advantage of the huge amount of personal information many people feel comfortable releasing online. Others have started to send phishing emails that impersonate a social media site.
The threat to mobile devices in the enterprise mainly comes from the Bring Your Own Device (BYOD) phenomenon, also known as the consumerisation of IT. IBM X-Force observed a 19% increase over the prior year in the number of exploits publicly released that can be used to target mobile devices, which are often unpatched.
IBM also identified cloud computing as creating new opportunities for cybercriminals and suggested that as adoption goes mainstream attacks and breaches are likely to continue. "IT security staff should carefully consider which workloads are sent to third-party cloud providers and what should be kept in-house due to the sensitivity of data," the report warns.
Content from our partners
"Many cloud customers using a service worry about the security of the technology. Depending upon the type of cloud deployment, most, if not all, of the technology is outside of the customer’s control," added Ryan Berg, IBM security cloud strategist, in a statement.
"They should focus on information security requirements of the data destined for the cloud, and through due diligence, make certain their cloud provider has the capability to adequately secure the workload," he added.
"In 2011, we’ve seen surprisingly good progress in the fight against attacks through the IT industry’s efforts to improve the quality of software," said Tom Cross, manager of Threat Intelligence and Strategy for IBM X-Force. "In response, attackers continue to evolve their techniques to find new avenues into an organisation. As long as attackers profit from cyber crime, organisations should remain diligent in prioritising and addressing their vulnerabilities."
