IBM Says Security Threats Mount Despite More Awareness

By David Zielenziger | March 21 2012 11:36 PM

Nick Bradley, senior manager for IBM (NYSE: IBM) global security operations, said despite more awareness, computer center managers need to be vigilant against cyberattacks.

Reuters

Cyber security analysts work to defend a network during a drill at a Department of Homeland Security cyber security defense lab at the Idaho National Laboratory in Idaho Falls, Idaho, September 30, 2011.

Sponsorship Link

Security isn't just a bunch of information technology (IT) guys, he said. People need to be careful what they upload and download from the Cloud, or Internet-based computer environments, or from trusted parties.

IBM Thursday issued its latest X-Force Report that covered the performance of cyberattacks last year and presents a mixed verdict: some threats, like spam and and unpatched security vulnerabilities decreased.

Trouble is, they were offset by new and unprecedented problems like attacks on social media and getting into the literal software shells of enterprise computer systems.

Bradley, who oversees security for the Armonk, N.Y., computer services provider at nine global data centers from a command center in Atlanta, said the X-Force team monitored billions of security events last year in those centers, which also serve corporate and public sector customers.

Hackers Get Sophisticated

One of the more disturbing new developments is the sophistication by hackers in getting past cyberguards directly into the shells of software that manage systems. That replaced previous intrusions by hackers into the system-query language (SQL) behind databases, Bradley said.

Lots of intrusions were made and lots of passwords were obtained, the IBM security expert said. Last year was notorious for intrusions into systems such as Sony's (NYSE: SNE) PlayStation network and those of major banks and retailers.

One of the more vicious attacks was by hackers who attacked a shell, put up what looked like a legitimate customer application screen and then wound up with valuable information loaded in by unwitting users.

Bradley declined to discuss incidents in which government-sponsored hackers, believed to be from China or Iran, attacked U.S. Government websites, including those of the Pentagon, Defense Intelligence Agency and others.

There is activity we have noticed and it does imply a threat, he said.

Threat from BlackBerrys and iPhones

Going forward, Bradley said IT managers need to be on guard against new security threats, most notably from employees of companies who use their Research in Motion (Nasdaq: RIMM) BlackBerry or tablets like the Apple (Nasdaq: AAPL) iPad or Samsung Electronics Galaxy Tab to download and interact with corporate data.

IBM began selling security software to handle this problem last year. The product constantly monitors such handheld devices and can erase all data if they are lost or stolen. Other vendors, such as LANDesk and Citrix Systems (Nasdaq: CTXS) also introduced rival products.

Even with that software, the cybersecurity executive said, consumers need to guard against applications that may snatch confidential information from their devices.

IBM shares rose 64 cents to $205.33 in midday Thursday trading. IBM, with a market capitalization of $237.9 billion, is valued at more than triple that of Hewlett-Packard (NYSE: HPQ), the biggest computer services company by revenue.

The new IBM report is available at www.ibm.com/security/xforce.