Security vulnerabilities reached record levels in the first half of 2010, according to a report from IBM. The company's X-Force 2010 Mid-Year Trend and Risk Report documented more than 4,396 new vulnerabilities so far this year, an increase of 36 percent over the same period in 2009.
According to the report, 55 percent of these vulnerabilities "had no vendor-supplied patch at the end of the period." Web-application vulnerabilities are cited as the most frequent threat, with more than half of all reported issues involving this area. But the report said even that assessment could be underestimated, since it doesn't include custom-built web applications.
IBM's X-Force team said it started to see "widespread use of PDF-based exploits" in the first half of this year, and now three of the top five browser exploits involve PDFs. In April, IBM detected nearly 37 percent more activity than average in this area. The good news, says the report, is that more organizations are doing more about security, and that this is "having positive effects on the industry by driving more collaboration to identify and eliminate vulnerabilities before cybercriminals can exploit them."
In addition, the report notes that as organizations move to cloud-based computing, they should review the security requirements of the workloads to be hosted before reviewing service providers.
Did you enjoy this article? Click here to subscribe to Security Magazine.
Two-way communication is key for Director of Security Brian Reich at Time Warner Cable, who strives to push his security officer partners to expand their role beyond the daily responsibilities of traditional security functions, striving to support the goals of the business. Also in this annual report, learn how consolidation is changing the guarding industry, how technology can support security officers and how a proposed ANSI standard could change the way enterprise security leaders fulfill officer training and selection. Also learn about building a network of influencers and data privacy clauses.