Study: IT security threats becoming more sophisticated

Global IT firm IBM recently published a study suggesting companies may wish to pay attention to cloud computing security to avoid increasingly sophisticated threats.

The report, called the X-Force 2010 Trend and Risk Report, examined a variety of IT security threats affecting organizations in both the public and private sectors during 2010.

Research for the study was comprehensive, utilizing analysis data from more than 150,000 security events per second during 2010.

Among the study’s key findings was the fact that there has been a significant shift in perception regarding cloud computing security. Adoption of cloud computing continued to increase during 2010 and, as a result, knowledge about the cloud increased as well.

According to the study, security is still a barrier for many companies considering cloud adoption. Nevertheless, many are now making the move, resulting in increasingly robust cloud computing security technologies. According to IBM, cloud security is likely to improve as more companies store sensitive data in the cloud.

“Over time, IBM predicts the market will drive the cloud to provide access to security capabilities and expertise that is more cost effective than in-house implementations,” the report said. “This may turn questions about cloud security on their head by making an interest in better security a driver for cloud adoption, rather than an inhibitor.”

Despite the improvements, companies should investigate their options and, if they wish to store data securely, ensure their cloud provider offers reliable security measures, according to the report.

The study documented approximately 8,000 new vulnerabilities in 2010. According to IBM, this constitutes an increase of 27 percent over 2009. This suggests an “expanding threat landscape in which sophisticated attacks are being launched against increasingly complex computing environments.”

Another area of concern is the growing use of smartphones and other mobile devices, such as media tablets, in company IT settings. The study found many organizations have found it difficult to bring such devices into corporate networks without compromising security. Over the course of 2010, the study’s data showed an increase in the number of vulnerability disclosures targeting smartphones.

The IBM report comes on the heels of another recent threat trends report, published by Trend Micro. That report found many cybercriminals are using so-called “toolkits,” pre-written software programs designed to help cyber criminals steal data.

The Trend Micro report also found the overall volume of spam in 2010 decreased. The United States and India received the largest volumes of spam, according to the report, while Argentina and Israel received the least. Most spam involved using email to disguise malware attacks and attempts at phishing, with healthcare- and pharmaceutical-related attacks by far making up the majority of cases.

The increased sophistication of IT threats was evidenced in the Trend Micro report as well. According to the report, malware is now targeting new platforms, such as Google’s Android operating system. Similarly, malicious programs have been designed that emulate text messages and utilize devices’ GPS systems.

According to Trend Micro, the two markets that were most hard-hit by malware infections in 2010 were the United States and China. Most malicious URLs were located in these countries, as were most victims of malware attacks. Russia was also a significant source of attempted cyber attacks, the report said.

For many companies, security is the final obstacle to full cloud adoption. The cloud offers a number of benefits, including scalability, flexibility and expense reduction. According to a recent Smart Business report, cloud computing can help a company save as much as 40 percent on operating costs.