IBM Research Report Sample

According to Symantec, a provider of corporate and consumer security products, attacks today have the potential of being more severe than in the past. Analysts have noticed that the time between the discovery of a vulnerability and the exploitation of the vulnerability has been shrinking. Whereas institutions had months and sometimes years to implement the latest patch developed to remedy a vulnerability, today they have days. In the most recent Symantec Internet Security Threat report, the interval was 5.8 days.

Given the dominance of the Windows platform in the corporate and consumer market, more and more security attacks are exploiting vulnerabilities found in Windows software (Figure A). Well over 50% of the top ten malicious code attacks submitted to Symantec between January and June 2004 were Win32 threats.

Another finding from Symantec's analysis of security threats is that attacks are more targeted than before. Analysts have been observing an increase in the number of attacks aimed at acquiring specific data or causing damage at specific organizations. In addition, more of these attacks are financially motivated. For example, a recent security attack targeting the online payment processing company Authorize.net took place after the company received an email message from an extortionist requesting a significant amount of money. Will we start to see similar cyberspace holdups targeted at financial institutions?