July 5, 2012
NRI SecureTechnologies, Ltd.
NRI SecureTechnologies, Ltd. has announced the 8th report of "Cyber Security Trend - Annual Review 2012", based on data(Note1) collected through solution services of information security during FY 2011. Series of the reports have been issued annually since FY 2005, as a purpose of support for strengthening security systems against virus and hackers in public sectors and companies.
The result of the data analysis in FY 2011 shows the following three problems;
We did a simple security check of overseas bases websites of Japanese company, and found that 49% of these websites use the vulnerable version's products which were dangerous for external attacks, as shown in Figure 1.
Fig.1 Comparison of simple check results in domestic sites and overseas sites
Figure 1 shows that it is difficult to manage security individually to dispersed overseas websites. As a countermeasure for this situation, it is effective to integrate access route to websites with WAF (Web Application Firewall)(Note 2), as shown in Figure 2.
Fig.2 Access route integration by WAF
As a result of platform assessment, we found that 32% of systems had potential problems to be attacked immediately through internet, as shown in Figure 3. The percentage is larger than one in FY 2010. This is because most of systems did not support solutions for dangerous vulnerability that could not defend with firewall, and that vulnerability was reported in August 2011 was not found in FY 2010.
Fig.3 Platform assessment results via firewalls annual comparison
Targeted e-mail attack is not new attack, but we have to recognize newly a large threat, as our environment is changing to facilitate targeted e-mail attack due to proliferation of social media such as Twitter and Facebook, as shown in Figure 4.
Fig.4 Targeted e-mail using social media information
(1) Search users in the same company on social media
(2) View information on a specific user
(3) Create a targeted e-mail based on the acquired information
When information systems are detected with a problem by security assessment, NRI SecureTechnologies will immediately provide an appropriate and concrete countermeasure, based on a result of assessment.
The "Cyber Security Trend - Annual Review 2012" is available at the following website.
|(Note 1)||Data scoped with analysis: Data obtained from information security-related service that NRI Secure Technologies had provided to their customer companies in FY 2011 (From April 1, 2011 to end of March, 2012). It includes interannual data since FY 2007.|
|(Note 2)||WAF (Web Application Firewall): a system of defense for attack to web applications|
NRI SecureTechnologies, a leading provider of information security solutions, is one of the group companies of Nomura Research Institute, Ltd. Established in 2000, it examines information security at business corporations from the aspects of technology and business management and offers a one-stop service from consulting to solution implementation, training, management and surveillance.
[Contact to the news release]
[Contact to the report]