"Threat dynamics continue to multiply and evolve at a furious pace, making it more crucial than ever to look at unfolding trends so we can better prepare our clients for the future," said Steve Robinson, general manager, IBM Security Solutions. "This year's X-Force report reveals that although threats are on the rise, the industry as a whole is getting much more vigilant about reporting vulnerabilities. This underscores the increased focus among our clients to continue looking for security solutions that help them better manage risk and ensure their IT infrastructure is secure by design."
As well as observing a 36% increase in vulnerability disclosures to 4,396 in the first half of 2010, the X-Force team also noted that over half of these remained unfixed by mid-year.
On a positive note, the report also observes that "In the first-half of 2010, organisations were doing more to identify and disclose security vulnerabilities than ever before. This in turn is having positive effects on the industry by driving more open collaboration to identify and eliminate vulnerabilities before cyber criminals can exploit them."
"Despite this drastic decline, financial institutions are still the number one phishing target, representing about 49 percent of all phishing emails, while credit cards, governmental organisations, online payment institutions and auctions represent the majority of other targets."
Looking to the future, the report notes two growing technologies that are expected to attract the increased attention of the nasty people.
Firstly, there is virtualisation. "Questions have been raised about the wisdom of sharing workloads with different security requirements on the same physical hardware. X-Force's vulnerability data shows that 35 percent of vulnerabilities impacting server class virtualisation systems affect the hypervisor, which means that an attacker with control of one virtual system may be able to manipulate other systems on the same machine. This is a significant data point when architecting virtualisation projects." The physical management of virtualised environments was also identified as a potential area of concern.
Identifying the second area of concern, the report observes, "As an emerging technology, security concerns remain a hurdle for organisations looking to adopt cloud computing. As organisations transition to the cloud, IBM recommends that they start by examining the security requirements of the workloads they intend to host in the cloud, rather than starting with an examination of different potential service providers. Gaining a good understanding of the needs and requirements first will help organisations take a more strategic approach to adopting cloud services."
In both of these areas, it is clear that a race to the "latest and greatest" technologies should always be tempered with a careful analysis of the risks involved.