IBM warns hackers wising up to firms' security policies

Hackers are adapting to the security policies firms are putting in place in order to steal corporate data and infiltrate systems, according to new research by IBM.

The firm made the warning in its X-Force 2011 Trend and Risk Report, which explored the public vulnerability disclosure findings from over 4,000 clients.

The report also warned there was a marked increase in the number of attacks targeting mobile devices and social networks.

Notably, the authors reported a 19 per cent rise in publicly-released mobile exploits, indicating that hackers are increasingly targeting mobile devices as they grow in prominence in the work place.

"I think that this is going to grow as a problem. We saw an increase in the amount of exploit code released this year, over the internet, designed to target mobile devices," X-Force strategy and threat Intelligence manager at IBM Thomas Cross told V3.

Cross said the growing bring your own device (BYOD) trend in many companies posed several risks by making it hard for IT staff to ensure employees devices are correctly patched with the latest security software, offering a potential goldmine of unsecured personal information to hackers.

The report also warned that attacks taking place on social media sites are also increasing, with many hackers using such sites to help develop new techniques to steal information.

"We're sharing a lot of information about ourselves online, more so than we did even a few years ago. If you're going to collect information about an organisation there's a great deal you can learn: who works there and what their online identity is," warned Cross.

"We are seeing that play into hack activity, with people creating sophisticated spear phishing attacks that are compelling to their victims and the way that you do that is by knowing who you are targeting."

IBM also warned that cloud computing is also a major security issue, because some companies that have pushed the technology out without taking adequate measures to protect the stored data.

"Many cloud customers tapping a service worry about securing the technology. Depending upon the type of cloud deployment, most, if not all, of the technology is outside of the customer's control," added Ryan Berg, IBM's security cloud strategist.

"They should focus on information security requirements of the data destined for the cloud, and through due diligence, make certain their cloud provider has the capability to adequately secure the workload."

The IBM X-Force 2011 Trend and Risk Report's findings mirror those of a previous report from Symantec that also cited BYOD as a key security concern for companies.