The cybersecurity industry received encouraging news last week as the IBM X-Force 2011 Trend and Risk Report revealed significant progress in several key areas. But as network administrators begin to close the gap on cybercriminals, it appears as though their adversaries are restructuring their tactics to explore and exploit new vulnerabilities.
IBM researchers suggested that major strides were made in both the quality and security of software released in 2011. There were 7 percent fewer unpatched vulnerabilities at the end of last year than there were in 2010, according to the report, and web applications were 50 percent less vulnerable to cross-site scripting attacks than they were four years ago.
Even in cases where developers could not close security loopholes in time, exploit code made it into the hands of cybercriminals much less frequently in 2011. Approximately 30 percent fewer exploits were released to the online community last year in comparison to the average observed in the past four years.
"In 2011, we've seen surprisingly good progress in the fight against attacks through the IT industry's efforts to improve the quality of software," IBM spokesman Tom Cross explained. "In response, attackers continue to evolve their techniques to find new avenues into an organization. As long as attackers profit from cybercrime, organizations should remain diligent in prioritizing and addressing vulnerabilities."
Not surprisingly, cybercriminals are shifting the data security conversation toward mobile, social and cloud computing. For instance, there was a 20 percent jump in the number of publicly available mobile operating system exploits in 2011. This should be especially concerning to offices employing a bring-your-own-device (BYOD) approach to mobility management, as few end users will be qualified to address these risks autonomously.
Social media is emerging as another critical arena in which employees may require the security expertise of their IT colleagues. Social engineering tactics have allowed cybercriminals to gather deeper and more complete profiles of their targets in recent years, and according to the report, social media sites are becoming a primary avenue for phishing attacks. Whether it's through enticing messages on Facebook or fraudulent emails from cybercriminals posing as Twitter support personnel, the traps set by hackers are becoming much harder for the untrained eye to identify.
Finally, cloud computing has become the central disruptor behind many of the most pressing Internet security concerns.
"Many cloud customers using a service worry about the security of the technology. Depending upon the type of the cloud deployment, most, if not all, of the technology is outside of the customer's control," IBM cloud security strategist Ryan Berg noted. "They should focus on information security requirements of the data destined for the cloud, and through due diligence, make certain their cloud provider has the capability to adequately secure the workload."
These data protection concerns were piqued by a number of high-profile, cloud-related data breaches in 2011, but some experts still fear that it may take a worst-case scenario before organizations finally reassess their perspective on data security in the cloud. To avoid becoming an unfortunate case study, IBM analysts suggested focusing on ownership, access management, governance and contract termination. This comprehensive approach can help companies track and protect their data throughout its lifecycle.
Although the medium is different, data protection fundamentals have not changed, according to TechNewsWorld. As public- and private-sector organizations review the successes and failures of early cloud adopters, the strength and detail of service-level agreements are being seen as determining factors. And with more cloud service vendors flooding the market, IT decision-makers have additional leverage when expecting and demanding clarity and diligence from their chosen partners.
Data Security News from SimplySecurity.com by Trend Micro