Friday, 28 September 2012

Threat report identifies most common cyberattacks

Cybersecurity has been making headlines frequently this year, and it's not all because of the U.S. government's struggles with legislation. According to the X-Force 2012 Mid-Year Trend and Risk Report, 2012 may be a "record year" for corporate security breaches. SmartPlanet blogger Joe McKendrick highlighted some of the research's findings, which include common forms of attack and the impact of technology trends. Some of the common website security threats include:
SQL injection: The threat report recognized this as the most common attack technique.
Cross-site scripting: More than 51 percent of all web application vulnerabilities fall into the XSS category.
Website hijacking: Hackers are increasingly breaking into legitimate websites in order to inject them with malicious code.

Trends such as bring-your-own-device have heightened the need for more comprehensive security practices, according to McKendrick. In many cases, BYOD policies are still underdeveloped and fail to account for many common threats. In addition to external threats, enterprises must be aware of internal vulnerabilities such as the use of jailbroken or rooted devices, which present significant security holes. According to the report, the most common mobile threat comes from rogue applications, which charge users for premium SMS services. However, data mining applications pose another risk to devices that could store mission-critical information, so companies should adopt data security practices such as encryption to protect their digital assets.
The BYOD security risk
The BYOD trend is expected to continue picking up steam, but many organizations may be unprepared for protecting themselves against security breaches. A June survey conducted by Equanet, the specialized B2B channel of DSGi Business, found that 72 percent of employees in the United Kingdom use personal devices at work. Despite the high proliferation of mobile devices in the enterprise, 62 percent of IT managers said their business did not have a BYOD policy, and 24 percent didn't know if there were a BYOD policy in place.

"Personally owned devices are often faster and more efficient than the IT equipment businesses can afford to provide," said Phil Birbeck, managing director of DSGi Business. "Recent advances in smartphones and tablets have revolutionized the way we work and blurred the distinction between social and office usage. As a result, the popularity of personally owned devices has been rapid and inevitable. We’ve found that 29 per cent of businesses have actually saved money from their IT budget by implementing BYOD policies."
As this research has shown, the popularity of new technology has created significant opportunities for business by allowing enhanced access to corporate resources. But companies must also leverage security best practices in order to fully protect those assets as they are stored on a larger number of platforms and devices.

by thawte.