Security vulnerabilities reached record levels in the first half of 2010, according to a report from IBM. The company's X-Force 2010 Mid-Year Trend and Risk Report documented more than 4,396 new vulnerabilities so far this year, an increase of 36 percent over the same period in 2009.
According to the report, 55 percent of these vulnerabilities "had no vendor-supplied patch at the end of the period." Web-application vulnerabilities are cited as the most frequent threat, with more than half of all reported issues involving this area. But the report said even that assessment could be underestimated, since it doesn't include custom-built web applications.
IBM's X-Force team said it started to see "widespread use of PDF-based exploits" in the first half of this year, and now three of the top five browser exploits involve PDFs. In April, IBM detected nearly 37 percent more activity than average in this area. The good news, says the report, is that more organizations are doing more about security, and that this is "having positive effects on the industry by driving more collaboration to identify and eliminate vulnerabilities before cybercriminals can exploit them."
In addition, the report notes that as organizations move to cloud-based computing, they should review the security requirements of the workloads to be hosted before reviewing service providers.
Did you enjoy this article? Click here to subscribe to Security Magazine.
The 1995 bombing of the Alfred P. Murrah Federal Building in downtown Oklahoma City, OK, changed the state of Oklahoma and the country as a whole forever, but it didn’t stop businesses and families from calling it home, including GE’s new Oil & Gas Technology Center (OGTC), in Oklahoma City. Learn how the OGTC is a shining example of high-tech security with GE’s historically customer centered beliefs and strategy. Also in this issue: why smart cards are increasingly being embedded into mobile devices and wearables, what role certifications play in your career, and much more!