Story image

Attackers sharpen skills, so must CISO's

27 Sep 13

Chief Information Security Officers (CISO’s) must increase their knowledge of the current vulnerability and attack landscape, such as mobile and social technologies, to more effectively combat emerging security threats.

For over 15 years, IBM X-Force has been tracking trends and emerging threats, with the tech giant releasing the 2013 mid-year trend and risk report which highlights some of the key findings in the industry.

For CISO’s, it’s no surprise that tried and true attack tactics can cause the most damage to an enterprise.

"Known vulnerabilities left unpatched in Web applications and server and endpoint software, create opportunities for attacks to occur," the report says.

"These unpatched applications and software continue to be facilitators of breaches year after year."

However, the latest X-Force report also recognises that attackers are improving their skills, which allows them to increase their return on exploitation, capitalising on users’ trust when it comes to new vectors like social media, mobile technology and waterhole attacks.

Attackers are optimising their operations around many key initiatives which include a path of least resistance to reach the largest number of potential targets for the minimal amount of exploit effort.

For example, attackers are optimising:

• The exploitation of trust via social media.

• Coordinated operations leaking user data as well as exploiting weak entry points into global brands such as foreign local language or franchise sites.

• Mobile malware with Android devices as the market expands.

• Take over of central strategic targets to access and exploit a broader base of end users.

• Diversion and distraction techniques which throw security administrators off path, while breaching targets under the cover.

To read the report in full click here

The disaster recovery-as-a-service market is on the rise
As time progresses and advanced technologies are implemented, the demand for disaster recovery-as-a-service is also expected to increase.
Dell dominates enterprise storage market, HPE declines
The enterprise storage system market continues to be a goldmine for most vendors with demand relentlessly rising year-on-year.
The key to financial institutions’ path to digital dominance
By 2020, about 1.7 megabytes a second of new information will be created for every human being on the planet.
Is Supermicro innocent? 3rd party test finds no malicious hardware
One of the larger scandals within IT circles took place this year with Bloomberg firing shots at Supermicro - now Supermicro is firing back.
Record revenues from servers selling like hot cakes
The relentless demand for data has resulted in another robust quarter for the global server market with impressive growth.
Opinion: Critical data centre operations is just like F1
Schneider's David Gentry believes critical data centre operations share many parallels to a formula 1 race car team.
MulteFire announces industrial IoT network specification
The specification aims to deliver robust wireless network capabilities for Industrial IoT and enterprises.
Google Cloud, Palo Alto Networks extend partnership
Google Cloud and Palo Alto Networks have extended their partnership to include more security features and customer support for all major public clouds.