Security Technologies Advance, but Are Practices Keeping Pace with Emerging Threats?

A. DeCarlo

Summary Bullets:         

• As security technology and services continue to improve, a new IBM X-Force report on enterprise threats notes fewer exploits of application vulnerabilities.
• However, attackers (including a small but particularly threatening new class of ‘hacktivists’) are finding new and unprotected entry points as they use emerging technologies to prey on opportunistic targets. 

A pair of security trend reports from Verizon and IBM’s X-Force research and development team released this week paint a complex and nuanced picture of the current threat environment and the way organizations are arming themselves against risk.  While there is evidence that the combination of better and more accurate security technology, services, and best practices is helping enterprises limit their exposure, the reports show no reason for IT organizations to declare victory.  IBM compiled its “X-Force 2011 Trend and Risk Report” from a massive store of event and vulnerability data gathered by the company’s threat monitoring services.  The report shows a 30% drop in the availability of exploit code, a decrease in the number of un-patched software vulnerabilities, and a precipitous 50% decline in cross-site scripting vulnerabilities versus the previous year.  However, attackers are proving their resilience by finding new ways into the enterprise. Continue reading “Security Technologies Advance, but Are Practices Keeping Pace with Emerging Threats?” →