IBM recently released the results of its ‘X-Force 2011 Mid-Year Trend and Risk Report’, and like other security-focused vendors, Big Blue warned that the so-called “Bring Your Own Device” (BYOD) phenomenon is raising new security concerns. Moreover, IBM called 2011 the “year of the security breach” due to the large number of high-profile attacks and network compromises that have occurred this year.
But there’s a silver lining to Big Blue’s assertion that this year has been among the worst on record for security breaches.
“Companies are actively talking about security. This introspection is precisely the activity organizations both public and private need to do in light of these threats,” explained Stewart Cawthray, senior security architect, IBM Canada. “What 2011 has shown us is every organization, small, medium or large, is a potential target.”
Whether the threat comes from financially motivated botnet herders who want to infect as many random systems as possible or from state-sponsored advanced persistent threats conducting espionage or cyber-warfare, organizations need to evaluate their risks and take appropriate actions to protect themselves.
“Security breaches will never be stopped. For every hole closed, the attackers will find a new one. For us to avoid repeating 2011 in 2012, organizations need to change the way they look at security and incident response,” Cawthray continued. “Traditionally companies reacted to security incidents after they were discovered. This was often too late to avoid the damage. A more proactive approach to scanning for vulnerabilities, patch and risk management, developing threat models, and including forensics in daily operational activities will allow organizations to identify breaches or attempted breaches sooner and avoid or limit the damage done.”
Andrew Hoog would certainly agree with the need for including forensics in daily operational activities. The CIO for Chicago-based viaForensics says his firm provides a unique way for companies to safeguard against mobile app threats and other nefarious cyber-attacks.
In a nutshell, viaForensics is a digital forensics and security firm. It has developed a mobile app security service and it provides a continuous forensic monitoring solution.
“More of our emphasis has been applying forensics proactively to complex security problems. Forensics is a key component to the mobile app security work that we do among other techniques,” he said. “We apply forensics also to more traditional security problems like monitoring and protecting key assets.”
Hoog explained that’s the defining difference between what viaForensics offers versus other security vendors. To its credit, the young firm has been working with a number of Canadian government and law enforcement agencies of late.
“In the past, forensics was a reactive thing that people brought in for certain instances. But if you bring it in in real-time, or proactively, it’s a significant game-changer,” he continued. “What we bring that’s different is a combination of traditional (security) techniques and our forensics layer. We’re on the cutting edge of forensics . . . the other guys may use their traditional techniques or they may buy some software but they’re always going to be a year behind the cybercriminals.”
On the subject of enterprise mobility, IBM Canada’s Cawthray remarked that mobile apps are an attractive target for malware authors. Given how large the mobile device user base has become, and that it continues to swell, it’s only logical that cybercrooks will increasingly target mobiles. A multi-pronged approach to security is required to thwart these rising threats, he advised, including end user education.
“Security for mobile devices is new and will grow and evolve over the next couple of years just as computer security has. We need to build on the lessons learned in computer security and apply them to our mobile devices,” he said. “If users don’t verify the authenticity of the programs they install or they go seeking pirated or free software in the dark areas of the Internet, they’re opening themselves up to problems.”
Although IBM’s X-Force team declared 2011 as a watershed in high-profile security breaches, the report also uncovered some improvements in areas of computer security.
For instance, the first half of 2011 saw an unexpected decrease in web application vulnerabilities, from 49 per cent of all vulnerability disclosures down to 37 per cent. This is the first time in five years X-Force has seen a decrease.
More good news: High and critical vulnerabilities in web browsers were also at their lowest point since 2007, despite an increasingly complex browser market.
After years of consistent spam growth until the middle of 2010, there has been a significant decline in spam volumes in the first half of 2011. The percentage of spam that is phishing on a weekly basis was less than 0.01 per cent. Traditional phishing has greatly declined from the levels X-Force was seeing prior to the middle of 2010.
Lastly, the SQL Slammer Worm has been one of the most common sources of malicious packets on the Internet since its appearance and naming by the IBM X-Force team in 2003, but it has fallen down the list after a dramatic disappearance observed in March 2011.
The most recent analysis strongly suggested that the SQL Slammer Worm’s disappearance is due to an unknown source or actor. But could it rear its ugly head again?
“It is hard to say,” Cawthray admitted. “I can safely say that vulnerabilities, such as the one SQL Slammer exploited, will always be found in computer software and malicious users will attempt to exploit them. Through better coding and testing practices, patch management, and incident response the risk posed by these future threats can and will be minimized.”