Feature
The bi-annual IBM X-Force Trend and Risk report shows that the level ofphishing and documentattacks is rising dramatically, with phishing, malicious web links and document vulnerabilities the main way in whichhackers hack your information.
Data, Money Main Targets
And while financial gain is the principal objective of such attacks, increasingly, the report finds, hackers are also looking to steal data from individuals and enterprises.
However, vendors are responding and even doing better than they have in the past, but vulnerabilities are still at record high levels despite a decrease of 11% between 2008 and 2009.
Despite the ever-changing threat landscape . . . vendors are doing a better job responding to security vulnerabilities. However, attackers have clearly not been deterred, as the use of malicious exploit code in Web sites is expanding at a dramatic rate," said Tom Cross, manager of IBM X-Force Research.
Web-Related Vulnerabilities
IBM has been publishing the report since 1997 when it started researching and identifying vulnerabilities with 48,000 cataloged to date. This year’s report is no different than other years in that some of the findings should make many enterprises very nervous.
Learning Opportunities
Webinar
May
30
ChatGPT and the Future of Conversational AI
This discussion explores various aspects of AI implementation, ethical considerations, and challenges for your organization.
Webinar
May
31
The Evolution of Employee Listening - 2023 Trends & Best Practices
Learn proven effective methods and solutions to supporting an inspirational future of Employee Voice
Webinar
Jun
1
How organizations can design, build and run Generative AI into the Customer Experience
Discover how to drive enhanced CX through Generative AI
Webinar
Jun
6
The Future of Social Media: Emerging Trends and How to Stay Ahead of the Curve
The impact of emerging technologies like AI on social media
Webinar
Jun
7
The Building Blocks of Personalization
This webinar will explore how personalization can create powerful ecommerce shopping experience.
Webinar
Jun
13
The Future of Contact Centers with AI at the Helm
Learn how to balance human intuition and interaction with the potential uses of AI to create delightful and lasting CX
Webinar
May
30
ChatGPT and the Future of Conversational AI
This discussion explores various aspects of AI implementation, ethical considerations, and challenges for your organization.
Webinar
May
31
The Evolution of Employee Listening - 2023 Trends & Best Practices
Learn proven effective methods and solutions to supporting an inspirational future of Employee Voice
IBM defines vulnerabilities as any computer-related vulnerability, exposure or configuration setting that may result in a weakening or breakdown of the confidentiality, integrity or accessibility of the computing system. Threat levels are classified using the Common Vulnerability Scoring .
Findings this year include:
- There were 6601 vulnerabilities identified last year including SQL Injections (injecting malicious code into websites and ActiveX) down 11% on the previous year.
- Forty-nine percent of all vulnerabilities are web related with no patch available for 67% of vulnerabilities.
- Vulnerabilities with document editors and web browsers with no patch have decreased.
- Vulnerabilities for document editors and readers has risen by 50% from 2008.
- Malicious web links have risen by 345% on 2008.
- Phishing attacks rocketed in the second half of 2009 with the USA, Russia and Brazil accounting for the origins of most malicious attacks.
- By industry, 61 percent of phishing emails purport to be sent by financial institutions, whereas 20 percent purport to come from government organizations.
And there are many other findings that companies need to take note of. What does come across though is that most of the vulnerabilities can be fixed if the right action is taken.
If you’re interested in more, you can download this and previous reports through the IBM security website, but you will need to register.
