Mobile device vulnerabilities are at the forefront of cyber criminal trends, according to the annual "IBM X-Force Trend and Risk Report" (PDF) released on Thursday.
The study examined public vulnerability disclosures from more than 4,000 clients in 2011. Although progress against cyber security threats are evident, according to the findings, attackers have adapted quickly to the seemingly ubiquitous reliance on mobile devices. As a result, these tools are fast becoming a new, major target.
“New technologies are constantly being created that produce new challenges for IT security professionals.”
– Tom Cross, manager of threat intelligence and strategy for IBM X-Force
“We're starting to see real attack activity,” Tom Cross, manager of threat intelligence and strategy for IBM X-Force and co-author of the report, told SCMagazine.com on Thursday. “It's not nearly as prevalent as attacks against traditional workstations, but it's growing and it's a problem that people need to start taking seriously.”
According to the report, which examined the increase in malware related to mobile devices in 2011, many enterprises have been implementing bring-your-own-device security programs. However, many CISOs continue to say “no,” rather than “how.”
“Most of these attacks really require social engineering to some degree,” Ciaran Bradley, vice president of handset security products at Adaptive Mobile, a Dublin, Ireland-based mobile security firm, told SCMagazine.com on Monday. “There are a limited number of ways you can get malware onto your device.”
In addition to mobile devices, the study revealed that social media networks and cloud computing also are becoming areas of focus for modern-day miscreants. In all of these areas, the report found that the industry is still in a somewhat novice state regarding security efforts.
“Security is challenging because the environment is constantly changing,” Cross said. “New technologies are constantly being created that produce new challenges for IT security professionals.”
Although the X-Force study highlighted cyber swindler trends, it also showed that progress was made against security threats, including a 50 percent decline in the last four years in cross-site scripting vulnerabilities, a 30 percent decrease in the availability of exploit code, and an overall decline in spam. As well, it revealed more diligent patching being executed by software vendors.
When it comes to overall industry collaboration efforts, Cross said that having information regarding how a breach occurred is valuable to business decision-makers in charge of security, as it lets them know what work to prioritize.“There are many breaches that are still not disclosed, but disclosure is becoming more commonplace,” he said.