
Security improvements force cybercriminals to change approach

IBM reports that mobile, social and cloud are fast becoming top targets for attackers

By Vinod

A new report into the state of the security industry by IBM has revealed a "surprising" improvement in online safety, but this is just forcing cybercriminals to change their attack methods.

Big Blue’s X-Force 2011 Trend and Risk Report revealed a number of improvements in internet security, mostly driven by improvements from the software industry.

Included in these improvements is a drop in unpatched software vulnerabilities, down from 43% in 2010 to 36% in 2011. IBM also claimed there has been an improvement in the quality of software application code, with web-application vulnerabilities half as likely to exist in clients’ software as they were four years ago.

However, as these lines of attack are shut down, IBM says cybercriminals are finding new ways to reach their targets. These include phishing attacks launched through social networks, increased efforts to exploit mobile vulnerabilities and automated password guessing.

IBM says that with the adoption of social media platforms and technologies, attackers have focused their efforts in that space. Some use them for pre-attack intelligence gathering, hoping to take advantage of the huge amount of personal information many people feel comfortable releasing online. Others have started to send phishing emails that impersonate a social media site.

The threat to mobile devices in the enterprise mainly comes from the Bring Your Own Device (BYOD) phenomenon, also known as the consumerisation of IT. IBM X-Force observed a 19% increase over the prior year in the number of exploits publicly released that can be used to target mobile devices, which are often unpatched.

IBM also identified cloud computing as creating new opportunities for cybercriminals and suggested that, as adoption goes mainstream, attacks and breaches are likely to continue. "IT security staff should carefully consider which workloads are sent to third-party cloud providers and what should be kept in-house due to the sensitivity of data," the report warns.

"Many cloud customers using a service worry about the security of the technology. Depending upon the type of cloud deployment, most, if not all, of the technology is outside of the customer’s control," added Ryan Berg, IBM security cloud strategist, in a statement.

"They should focus on information security requirements of the data destined for the cloud, and through due diligence, make certain their cloud provider has the capability to adequately secure the workload," he added.

"In 2011, we’ve seen surprisingly good progress in the fight against attacks through the IT industry’s efforts to improve the quality of software," said Tom Cross, manager of Threat Intelligence and Strategy for IBM X-Force. "In response, attackers continue to evolve their techniques to find new avenues into an organisation. As long as attackers profit from cyber crime, organisations should remain diligent in prioritising and addressing their vulnerabilities."
