IBM's New Risk Report: More Evidence for IT Governance
Posted by Jeff Papows on Thu, Aug 26, 2010 @ 10:25 AM
IBM just came out with its X-Force 2010 Mid-Year Trend and Risk Report. Pointing out the biggest vulnerabilities to an organization's infrastructure, the report finds that the latest threats aren't from a single point of entry. Rather, every employee and endpoint has become a potential point of entry.
Some fast facts from the report:
⁃ There's a 36 percent increase in security vulnerabilities.
⁃ Web applications with security exploits accounted for 55 percent of all disclosed vulnerabilities.
⁃ In the first half of 2010, financial institutions represented 49 percent of all phishing email targets, with more than two-thirds of those victims in North America.
When you think about the sheer volume of technology that is strewn throughout a company, it's easier to understand how every computer and mobile device can also be a point of vulnerability.
Just think about the amount of trial software that is downloaded, open source projects, social media check-ins, and company-created software, and it's easy to get a bit dizzy when you think about how it's all managed, protected and checked to make sure it doesn't violate corporate policies. Further complicating the infrastructure are endeavors such as post-merger integrations and global expansion, as well as initiatives such as cloud computing and virtualization. Not to mention the impact of outside forces such as spam, phishing and malicious URLs.
While the IBM report focuses on security vulnerabilities, there is something to be said about an overarching approach to IT governance in order to further protect a company. In an interview I did with industry analyst Dana Gardner for my upcoming book "Glitch," he suggested that perhaps security is a subset of IT governance.
Along those lines, I recently spoke with a Textron IT executive who pointed out the fact that today there is less line-by-line software coding. This makes sense in a world of mashups and object-oriented programming that has proven to offer viable shortcuts to the software development process.
With the vulnerability points of entry growing every time we log on, this seems to drive home the need for IT governance that makes sure the entire infrastructure is aligned with best practices and policies.
The entire report is housed on Scribd and is well worth the read for security experts as well as those who view infrastructure vulnerabilities as a threat to a larger IT governance strategy.