Tuesday, February 3, 2009

Half of 2008’s security vulnerabilities still waiting for patches


Security is still at the top of the list of priorities for IT managers and CEOs across the globe, and this year, the heat is on for IT service providers to prevent security breaches as cybercrime continues to rise in 2009. (Well if you take the past few days in the UK it’s the deep freeze that can cause business continuity problems).

New research from IBM’s X-Force claims that half of the security vulnerabilities discovered last year still had not been addressed with patches from their vendors by the end of 2008.


Last year’s vulnerabilities are not the only ones still out there. The research claimed that there are still no available patches for 44% of 2007’s vulnerabilities and 46% of those from 2006. 2008, however, was a record year for vulnerabilities; there were 7,406 during that period. Microsoft took the top spot for the most vulnerabilities disclosed; a position usually occupied by Macintosh and Linux for the past three years.


Further, the report went on to outline where spam and malicious websites were coming from in 2008. Russia produced 12% of all spam, the largest single proportion, whilst the US created 9.6% and Turkey 7.8%. China was found to have hosted the most malicious websites of all countries.


Finally, the most common form of phishing attacks were aimed at financial institutions, and almost half of malware attacks focused on people playing online games or using internet banking.

When the UK and the USA plan to have a majority of people on fast-speed broadband connectons there is a requirement for all businesses to address these problems. It’s not a matter of regulating the system during operating hours but continually 24/7; whether it’s a snow storm, union strike or increased consumer internet activity – companies need to take the steps to secure their organisation and the data within it.

No comments: