Security experts have warned businesses that hackers are shifting their focus from flaws designated as high risk by software vendors to flaws normally seen as lower risk.
Lloyd's of London chief information security officer Marcus Alldrick said, "[Hackers] are not going for the normal high risk flaws, they're going for the medium risk ones. In the patch management cycle, the medium risk flaws are being patched later."
That delay in patching is also being exacerbated by hackers combining the lower-risk flaws to create so-called blended threats, explained BT global head of business continuity, security & governance practice Ray Stanton.
By combining two lower-risk flaws, hackers can cause high-risk threats to an organisation.
Stanton agreed with Alldrick, adding, "Although individually a lot of those low or medium threats may not pose a great risk, when you connect them together, it gives the opportunity to use 'blended' threats."
BT's Stanton said he had teams working on how hackers exploit threats like these. "Other teams like IBM's X-Force are doing the same, looking for disparate lower-risk flaws to bring together – you're not looking for easy options – they're called 'slow and mean' attacks."
Asked how firms should proceed against these threats, Lloyd's of London's Alldrick said, "We can't just concentrate on the protective aspects of our controls, we have to look at the detective aspects as well – and that means more monitoring, and being more agile in applying the corrective fixes."
Bernt Ostergaard, senior research director at market research company Current Analysis, said that although the number of security flaws was down in 2009 compared with 2008, "this is due to [organised hackers] becoming much more targeted and much more vicious – they're getting better at targeting where the money is."
Ostergaard also pointed out that "the traditional anti-malware fighters trying to address these threats, like the F-Secures and the McAfees, just can't keep up."