The bi-annual IBM X-Force Trend and Risk Report was recently released and, as always, there are some interesting insights …
First of all, in case you aren’t familiar, the IBM X-Force team is a group of security researchers who “study and monitor the latest threat trends including vulnerabilities, exploits and active attacks, viruses and other malware, spam, phishing, and malicious web content.”
They have at their disposal an enormous base of empirical data gleaned from the more than 3,700 managed client networks, which generate roughly 13 billion (with a “b”) events per day across 133 countries. In addition, this group also maintains a database of 17 billion web pages and images, 40 million spam and phishing attacks and 80 thousand documented vulnerabilities. In other words, way more than enough data to identify meaningful trends which can be generalized to apply across industries and international borders.
So, what did they find? Lots of things, of course, but some that I found interesting were:
Then there’s this provocative prediction that mobile computing will actually become increasingly secure, eventually surpassing the security of traditional desktop/laptop devices. That’s a statement you may want to noodle on a bit to see whether you agree or disagree, but before you decide either way, take a look at the report to see the rationale behind this unconventional assertion.
The report is available at ibm.co/xforce or bit.ly/xreport. In addition, you might want to listen in on a podcast hosted by IBM’s Caleb Barlow discussing some of the findings, which can be found at his blog at www.blogtalkradio.com/calebbarlow
Looking forward to seeing many of you at Pulse 2013 in Las Vegas, March 3-6. There will be loads of sessions led by IBM customers talking about their experiences, best practices, lessons learned and the like, as well as a great opportunity for professional networking.
For those that can’t make it there in person, many of the sessions are available online at the ibm.com/pulse web site.
BYOD or “Bring Your Own Device” is like a runaway train barreling down the tracks. If you’re the IT Dept you can either jump on board where at least you have a chance to determine which track it rides on or stand in front of the train, hands outstretched yelling “stop!” As you might guess, in that latter scenario, the train always wins.
But that doesn’t mean you just give up and let anyone bring any device they want into the corporate network where sensitive data is kept. The threat these handy gizmos pose is real but so is their value to the organization so you have to recognize both aspects and do what you can to mitigate the risks.
One of those risks is that the phone could be riding around New York City in the back of a cab even though the device’s owner no longer is. According to this article in USA Today, Americans lost $30 billion (with a “b”!) worth of cell phones last year alone…
With the proper precautions, though, you actually can embrace the trend that has resulted in the proliferation of this ubiquitous computing capability. Here’s a good story from InfoWorld on how IBM is doing it …
There are no risk free options here but learning to say “how” rather than “no” at least ensures that you remain part of the conversation.
IBM’s X-Force researchers have released their 2011 year end Trend and Risk Report and there’s good news and bad news for those of us trying to defend the castle, so to speak. First the good …
But don’t pop the corks just yet …
Also, bear in mind that some of these statistics are cyclical in nature, with a down year typically preceding an increase in the following year.
All in all, though, some great info to have at your disposal and to factor into the way your organization views IT risk.
For more info including access to the free report and an overview video go to http://www-03.ibm.com/security/xforce/.
I attended IBM’s Pulse Conference in Las Vegas this week (March 4-7, 2012) and what a show it was! IBM Fellow Grady Booch’s interview with Apple co-founder, Steve Wozniak (Woz starts about 56 mins in), was a real highlight, as was the Maroon 5 concert the night before. They even let me join in on the fun with a video interview of “all things security” which ranged from discussing the significance of the launch of the new IBM Security Systems division to the changing nature of both the motivation and the sophistication of the current hacker threat.