IBM: Critical security vulnerabilities triple in 2011

But spam levels and browser vulnerabilities are decreasing

Critical security vulnerabilities have increased by 300 per cent since the beginning of this year, according to a new report by IBM.

IBM's X-Force 2011 Mid-Year Trend and Risk Report is based on research into public vulnerability disclosures and analysis of daily security events from the beginning of 2011.

The growing "bring-your-own-device" trend, where employees connect personal devices to the corporate network, has raised security concerns, according to the report. It recommends that anti-malware and patch management software for phones is employed for mobile devices in business environments.

"The rash of high-profile breaches this year highlights the challenges organisations often face in executing their security strategy," said Tom Cross, manager of threat intelligence and strategy for IBM X-Force.

The report also contained some more positive news. It found that for the first time in five years web application vulnerability disclosures decreased, while high and critical browser vulnerabilities were also at their lowest level since 2007. The report also found a decrease in spam, as major botnet operators were taken down by law enforcement agencies.

Ovum principal analyst Graham Titterington welcomed the fact that the authorities appear to be making headway against cyber criminals, but he warned: "The people who carry out these attacks will not give up, unless there is no pay-off – whether it is for money or power."