MOBILE APPLICATIONS and social networking were seen as the biggest security threats by small and medium-sized businesses in a recent survey by Symantec, but both it and another survey from IBM appeared to register a plateau in software vulnerabilities and impact on users.
The Symantec survey on the internet security and storage behaviours of SMEs in Australia also found there was no significant increase in the impact of spam and internet threats on these companies in the past 12 months.
IBM’s X-Force 2007 Trend Statistics reported for the first time a drop in disclosed vulnerabilities, down by 5.4 per cent since the previous year. This followed a sharp increase in 2006 of around 40 per cent on 2005, and an average increase of 27 per cent per year since 2000.
However, IBM was unsure of the reason for this year’s drop.
“The 5.4 per cent decline in 2007 could simply be a statistical correction to the growth in vulnerabilities in 2005 and 2006. Although the number of disclosures dipped in 2007, the drop (5.4 per cent) is less dramatic than the decrease in vulnerability growth witnessed between 2002 and 2003,” the report states.
Steve Martin, Symantec manager, mid-market, in Australia and New Zealand, said it appeared businesses are now investing adequately in security software.
“That seems to indicate that in a general sense small business is doing a pretty good job with their overall IT infrastructure and their IT approach,” he said.
“Business is going well and there is a strong focus on doing the right thing and having the right sort of technology in place to protect and secure their information.”
Eighty-three per cent of businesses now have internet guidelines and actively educate their staff on how to use the technology and how to use the internet safely, up from 77 per cent last year.
“Half of the battle is education. Technology does part of it, but it is also about education and people are aware of not clicking on phishing emails, for instance.”
However, 46 per cent are still affected by internet security threats and 24 per cent specifically had been affected by a phishing scam.
As a result, the focus of many users and vendors, including Symantec, is now shifting to data loss, whether inadvertent or via malicious means.
Seventy-two per cent of those surveyed said the main reason for “securing, protecting and managing their information” is a greater awareness of the consequences of data loss, followed by regulatory compliance on 27 per cent.
“The research shows that organisations are aware of the significant risks surrounding the storage of information and are clearly prepared to take no chances, with 98 per cent of Australian SMEs backing up their business-critical information,” said Martin.
IBM’s X-Force classifies as high impact those vulnerabilities that allow immediate remote or local access, or immediate execution of code or commands with unauthorised privileges. These kinds of vulnerabilities have in fact steadily declined since 2000 and medium and low threats, which include the traditional denial of service attacks, although there was a jump in high-impact vulnerabilities from 16 per cent of the total in 2006, to 22 per cent in 2007.
The top five vendors that reported vulnerabilities were (in order): Microsoft, Apple, Oracle, IBM and Cisco, although together they accounted for only 13.6 per cent of the total reported vulnerabilities.