Security vulnerabilities reached record levels in the first half of 2010, according to a report from IBM. The company's X-Force 2010 Mid-Year Trend and Risk Report documented more than 4,396 new vulnerabilities so far this year, an increase of 36 percent over the same period in 2009.
According to the report, 55 percent of these vulnerabilities "had no vendor-supplied patch at the end of the period." Web-application vulnerabilities are cited as the most frequent threat, with more than half of all reported issues involving this area. But the report said even that assessment could be underestimated, since it doesn't include custom-built web applications.
IBM's X-Force team said it started to see "widespread use of PDF-based exploits" in the first half of this year, and now three of the top five browser exploits involve PDFs. In April, IBM detected nearly 37 percent more activity than average in this area. The good news, says the report, is that more organizations are doing more about security, and that this is "having positive effects on the industry by driving more collaboration to identify and eliminate vulnerabilities before cybercriminals can exploit them."
In addition, the report notes that as organizations move to cloud-based computing, they should review the security requirements of the workloads to be hosted before reviewing service providers.
Did you enjoy this article? Click here to subscribe to Security Magazine.
Who are the thought-leaders pushing the security industry forward, in government, cybersecurity, corporate security and education? Learn about this year’s security champions in our annual Most Influential People in Security report. Also in this issue: Data security concerns for healthcare institutions; ruggedized security technology; covert surveillance installations; how to polish up your resume and references; infinity background screening for workplace violence risk mitigation and more.