Latest news
Major security reports routinely paint a sombre picture of the state of Internet security. Based on your experience, do you expect things to be better in the next 5-10 years?
If you look at our very latest IBM Full Year X-Force 2011 Trend and Risk Report you will note that despite the many challenges, throughout the report, we have also observed some positive trends and improvements.
The total number of reported web application vulnerabilities is lower than we’ve seen since 2005 and X-Force is seeing a significant decline in the number of true exploits that have been publicly released. When exploit code is released on the Internet it can provide an easy means for attackers to target vulnerabilities. In the past few years, exploit code was released for about 15 percent of the vulnerabilities that were publicly disclosed.
This year that number has dropped to 11 percent. The frequency of exploit code releases targeting web browsers as well as document readers and editors was down to levels not seen in over four years. Publicly disclosed vulnerabilities were also more likely to have patches than ever before. The percentage of unpatched vulnerabilities was down to 36 percent from 43 percent last year.
Throughout 2011 security teams were repeatedly challenged to do better.
Many were challenged to improve processes, technology, to educate employees and customers on safe practices, and to raise security intelligence by increasing visibility into the security posture of the business. IBM believes the way to help clients get ahead of security threats is to connect our analytics and intelligence capabilities across an organization for better prediction and detection. IBM made a big move by acquiring Q1 Labs in October 2011 and creating the new Security Systems division.
Continued news on how we’re advancing our security intelligence platform shows how seriously we’re addressing the market. With awareness comes action and change. It is our hope to make change. With this in mind we expect things to improve as awareness of the issues rises and the approaches, tools and techniques improve and clearly the significant investment we make in research will also help.
Spotlight
A closer look at Mega cloud storage
Posted on 21 May 2013. | Once a novelty, nowadays many cloud storage services are fighting for their piece of the market in the virtual world. Mega offers 50GB of free space with great pricing on Pro accounts.
The CSO perspective on healthcare security and compliance
Posted on 20 May 2013. | Randall Gamby is the CSO of the Medicaid Information Service Center of New York. In this interview he discusses healthcare security and compliance challenges and offers a variety of tips.
Cyber espionage campaign uses professionally-made malware
Posted on 20 May 2013. | A massive cyber espionage campaign has been hitting government ministries, IT companies, academic research institutions, and more.
Ransomware adds password stealing to its arsenal
Posted on 17 May 2013. | Microsoft researchers are warning about a new variant of the well-known Reveton ransomware doing rounds.
IT security jobs: What's in demand and how to meet it
Posted on 15 May 2013. | Let's say you want a career in information security, where do you start? What credentials do you need? What are employers looking for? Read on to find some answers.
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.
 |
