X-Force Report

The IBM X-Force 2010 Trend and Risk Report reveals how 2010 was a pivotal year for the information security industry as networks faced increasingly sophisticated attacks from a widening variety of malicious sources.

• 2010 saw the largest number of vulnerability disclosures in history, up 27 %. This increase has had a significant operational impact for anyone managing large IT infrastructures. More vulnerability disclosures can mean more time patching and remediating vulnerable systems.
• 49% of the vulnerabilities disclosed in 2010 were web application vulnerabilities. The majority of these were cross site scripting and SQL injection issues. These vulnerabilities represent just the tip of the iceberg since many organizations develop third-party applications in-house that are not subject to public vulnerability reports.
• Many exploits are publicly released tens or hundreds of days after the public disclosure of the vulnerabilities they target, indicating that attackers may be able to make use of exploit code long after patches have been made available.
• The SQL Slammer worm continues to propagate on the Internet although it first surfaced in back in January 2003. Today this worm continues to be the most common source of malicious Internet traffic.
• Bot network activity continued to grow in 2010. In addition, the term “Advanced Persistent Threat” became an everyday part of the corporate security lexicon after high profile attacks on corporate enterprises by sophisticated, targeted attackers.
• Emerging trends like cloud computing and the proliferation of mobile devices continue to raise security concerns. Security has become a major influencer in the adoption of these technologies in corporate environments.

• Get the IBM X-Force 2010 Full Year Trend and Risk Report