Chief information security officers (CISOs) are required to increase their knowledge of growing vulnerabilities and attacks, including those involving mobile and social technologies, to deal more effectively with rising security threats, according to IBM's new report.
The latest X-Force 2013 Mid-Year Trend and Risk Report revealed that CISOs already know that attack tactics that are tested and proven to be reliable would cause heavy damage to an enterprise.
The IBM report also stresses that hackers are enhancing their skills to get the most out of their attacks, and that they are taking advantage of users' trust when it comes to social media, mobile technology and watering hole attacks.
IBM X-Force security research group worldwide threat response manager Leslie Horacek said that criminals are selling accounts on social networking sites, some belonging to actual people whose credentials were compromised, others fabricated and designed to be credible through realistic profiles and a web of connections.
"As a minimum they function to inflate page 'likes' or falsify reviews; though more insidious uses include hiding one's identity to conduct criminal activities - the online equivalent of a fake ID, but with testimonial friends, adding to the deception," Horacek said.
Users are also advised to adopt a mindset of "guilty until proven innocent" when it comes to social media, and firms also have to encourage suspicion to safeguard users and assets.
"Technology advancements and controls are available, best practices continue to be refined and taught, but ultimately the trust the user believes they have may circumvent anything security practitioners put into place," Horacek added.
The report also notes a rise in Android devices and malware in past years, with older mobile devices being more vulnerable, as only 6% of Android-powered devices are running the updated version of the platform.
"We also anticipate that the degree of sophistication for this malware will eventually rival those found in desktop malware," Horacek added.
"There could be more improvements to combat malware in future versions of Android, but we believe that OS fragmentation (older versions that are being used as much as newer ones) will remain a problem."
During the January to June 2013 period, there were 4,100 new publicly reported security vulnerabilities across software, both mobile and desktop, while web application vulnerabilities declined during the year.
"The most prevalent consequence of vulnerability exploitation for the 1st half of 2013 was 'gain-access,' at 28% of all vulnerabilities reported," Horacek said.
"In most cases, gaining access to a system or application provides the attacker complete control over the affected system, which allows them to steal data, manipulate the system, or launch other attacks from that system."
The US topped the list of countries, hosting over 42% of all malicious links, followed by Germany with 10%.
Emails posing as internet payment companies, social networks, and internal scanners or fax devices lured users into clicking on bad links and attachments; these account for over 55% of all scam and phishing incidents.
"While attackers continue to optimise their operational sophistication, a return to security basics is still one of the most effective strategies to mitigate both old established, as well as evolving techniques," Horacek added.
"If anything is certain, we can see that the concept of trusted devices and services is long gone."