X-Force: cyber attack trends are worrisome

Tuesday - 8/31/2010, 2:27pm EDT

Kris Lovejoy, vice president of security strategy, IBM

Click below to hear the interview

Download mp3

By Vyomika Jairam
Internet Editor
FederalNewsRadio.com

Cybersecurity risks are like fruit flies. There are tons of them, and they constantly mutate. IBM's X-Force keeps a constant eye on cyber threats, including the reported vulnerabilities in published software.

The latest X-Force report found four emerging megatrends, according to IBM's vice president of security strategy, Kris Lovejoy.

  • There's a new complexity in malware, Lovejoy said. Strains are now more resilient, self modifying and incrypted.

  • There's a growing threat to online services, both to users and the industry. Lovejoy said they seem to be targeting new technology, such as level peer-to-peer and Voice over IP. There's also been an increasing threat to the financial sector, Lovejoy said.

  • The market for software flaws has gotten bigger. There's a marketplace for bartering inside knowledge for tools for cybercrime

  • There's a heightened threat to critical infrastructure, one that's enough to keep Lovejoy awake at night, because traditional protective measure currently in place just aren't enough anymore she said.
"Interestingly, computer skills are no longer necessary to actually execute the cyber crime, the tools themselves have become so sophisticated," Lovejoy said. "it's not longer about curiosity and about claiming fame, it's about well funded, well organized operations."

Lovejoy said that there should be better security as companies design an application, software, or network; the cost of finding and modifying a security vulnerability in the development phase is $80. If that defect goes to market, Lovejoy explained, companies face at least $7,600 in costs to structural changes, not to mention any financial casualties, and the impact to product reputation.

Her advice to companies? Build in security checkpoints into the development process, and make updating the system automated to eliminate the scope for human error.

This interview was part of today's Cybersecurity Update. Check out all of Federal News Radio's coverage of cybersecurity issues here.