Turbotodd

Ruminations on tech, the digital media, and some golf thrown in for good measure.

Archive for the ‘social networking’ Category

Talking Through The Cosmos

leave a comment »

What day is it again?

Oh, yes, Wednesday.  Hump day.

I’ve been so busy this week on back-to-back phone calls that I’ve hardly had an opportunity to lift my head and see what’s going on in the world.

I finally took a few moments this morning to do so, and discovered a couple of tidbits on the mobile front. One, the new Samsung Galaxy IV is now available, and two, the QWERTY keyboard version of the new BlackBerry, the Q10, is also available.

On the former, it’s a mixed bag according to the Verge, though a mostly positive bag but one that suggests Samsung Galaxy has plenty of “good enough” competition not to warrant the steeper price of entry for the IV.

And on the latter, TechCrunch writes the Q10 is “a QWERTY keyboard smartphone comeback worth waiting for,” which I’ll consider at least a semi-positive endorsement.

Me, I’m sticking with my LG Cosmos 2 feature phone.

Being a social and digital media guru of sorts, people look at me like I’m from another planet when carrying this phone.  That alone is a good reason to do so, as it’s a great conversation starter: “What the hell are you doing with that phone??!”

The other is, I like having a phone that works as a phone.  I have an HTC Android device, a Kindle, an iPod Touch 5th gen, an iPod Touch 2nd gen, and an iPad 1st gen for all my tablet needs. But for all the time I spend on the phone, good battery life and strong signal reception are key, and the Cosmos 2 continues to deliver day after day without fail.

“Can you hear me now?” are words rarely spoken through the Cosmos.

Speaking of the cosmos, in the social media realm IBM just announced that for the fourth consecutive year that IDC ranked them number one in worldwide market share for enterprise social software.

Yay team.

Fact is, social networking adoption continues to soar as businesses look to transform their organization into a smarter enterprise that is capable of empowering a global workforce and transforming client experiences.

According to IDC, the worldwide enterprise social market segment reached 1.0 billion in 2012, representing growth of 25 percent over 2011.

As this demand grows, organizations are looking to introduce social capabilities into all key areas, from marketing and research innovation to sales and human resources. The challenge is that many lack the ability to capture and share the unique insights from each employee and use it to help drive real value to the business.

IBM’s social business software and services pair powerful social networking capabilities with analytics that help companies engage all key stakeholders whether an employee, customer or partners in order to accelerate innovation and deliver results.

Today, more than 60 percent of Fortune 100 companies have licensed IBM’s solutions for social business, including eight of the top 10 retailers and banks.

IBM’s social networking platform, IBM Connections, allows for instant collaboration with one simple click and the ability to build social communities both inside and outside the organization. We live by it inside IBM these days, and it’s available both on premise and in the IBM SmartCloud for Social Business. IBM currently has three IBM SmartCloud for Social Business facilities based in North America, Europe and Asia Pacific.

You can learn more about the latest version of IBM Connections in the video below.

Taking The Pulse On Mobile

leave a comment »

IBM Pulse on Vivastream

IBM Pulse 2013 is introducing a new social networking feature called “Pulse on Vivastream,” where you can connect and interact with other attendees and speakers to find people with similar interests and skills, share agendas, discuss hot and trending topics, and network with your peers. So, sign up now so you can make the most of IBM Pulse 2013 — before, during, and after the event.

First it was Ubuntu Linux on phones, and now it looks like it’s going to be Ubuntu Linux on Tablets.

TechCrunch posts that on Thursday, developers will be able to start “playing with” the new code, citing Ubuntu founder and VP Products Mark Shuttleworth saying that the strategy is “One Ubuntu” that contains the same codebase but works across multiple platforms, including desktops, phones, and tablets.

But, that each platform “uses a Linux kernel” that’s tailored for the specifics of the target hardware.

This in juxtaposition with iOS and Android, which don’t work as well beyond the handset form factor.

For the record, I currently run Ubuntu on several of my older machines, and save for some VPN woes, I’m a (mostly) happy Ubuntu user.

But what’s more interesting to me about this announcement is the timing. The global mobile confab, Mobile World Congress, is set to launch next week in Barcelona (one of my favorite cities on the planet!).

And speaking of mobile, just last week, IBM announced that Forrester Research, Inc. has recognized IBM as a leader in enterprise mobility services in its recent Forrester Wave report “Enterprise Mobility Services, Q1 2013.”

The report gave IBM the highest score possible on its current offering, writing that IBM “brings clients a world-class design agency (IBM Interactive) combined with breadth and depth of enterprise mobility consulting in terms of technology and global presence.”

I expect you’ll hear more about IBM’s mobile strategy in Barcelona, and shortly thereafter at the IBM Pulse event in Las Vegas, which I’ll be covering for Big Blue.

If you’re planning on attending IBM Pulse, I would highly recommend you start preparing your schedule now.  Already-registered attendees simply need go to the Pulse SmartSite to start checking out this year’s fare.

But wait, there’s more!

This year, IBM has introduced an exciting new social feature in the form of Pulse on Vivastream, a unique social networking platform where you can connect and interact with other attendees and speakers in advance of, during, and after the event to find people with similar interests and skills, share agendas, discuss hot and trending topics, and network with other attendees before you ever land in the land of what happens there stays there.

I’m already registered on “Pulse on Vivastream” myself, so feel free to drop by and introduce yourself.

This year, IBM Pulse guest speakers and performers include 4-time NFL MVP quarterback Peyton Manning and 6-time Grammy Award winner Carrie Underwood.

You’ll also have the opportunity to mix it up with 8,000+ of your peers and hear from IBM business partners and top industry analysts on the latest trends and hottest IT topics…including, yes, mobile.

You can go here to learn more about IBM Pulse 2013, which goes from March 3-6.

I’ll be bringing you more insights and coverage leading up to and during the event right here in the Turbo blog, and will once again be broadcasting via the Interwebs from the show floor, speaking with a variety of IBM executives, industry analysts, and other thought leaders that help make the IBM Tivoli world go round.

Lending A Helping Hand

leave a comment »

There are loads of conferences coming up.  In October, I’ll be attending and covering both the IBM InterConnect event in Singapore (October 9-11), and am currently preparing myself psychologically for the long plane ride.

Later in the month, from October 21-25, I’ll be covering the seventh Information on Demand event in Las Vegas, Nevada.

I’ll have more info on those soon, but in the meantime wanted to highlight another key event that will probably be flying a little under the radar, the Cúram International User Conference.

Entitled “Smarter Social Programs to Deliver Better Outcomes,” the Cúram event will be held starting tomorrow, October 1, through Thursday, October 4, at the Grand Hyatt Washington Hotel in Washington, D.C.

What’s notable about this particular event is its orientation towards helping people who help other people.

Social services organizations around the world find themselves in challenging times, with increasing demands for their resources and higher service expectations, at a time when tax revenues aren’t exactly peaking.

Many of those organizations have begun to leverage Cúram software to ensure they have the most fitting business and technology foundation to support those increasing demands.

At the Cúram event, attendees will learn about best practices from some of the more leading-edge social services practitioners, hear more about the latest social services trends, and network with their peers from around the globe.

They’ll also have the opportunity to see the latest Cúram solutions and technology in action, and meet Cúram integrators and partners.

You can learn more about the event here, and more about IBM Cúram software here.

IBM’s Combination Of Social & Analytics = Social ROI

leave a comment »

The embedded experience of the news feed in IBM Connections, also known as an activity stream, allows employees from any department inside an organization to explore structured and unstructured data such as Twitter feeds, Facebook posts, weather data, videos, log files, SAP applications, electronically sign documents, and quickly act on the data as part of their everyday work experience.

Big news today from IBM re: social analytics, and for some key customer wins on the social business front.

First, to the news about social analytics. Today, IBM unveiled new software and services that bring the power of big data analytics into the hands of a social savvy workforce anytime, anywhere.

With this new capability, organizations will be able to apply analytics to their social business efforts, allowing them to gain actionable insight on information generated in social networks and put it to work in real-time.

IBM’s Lead In Social Business

Today, more than 60 percent of the Fortune 100 have licensed IBM social software to activate their workforce to improve productivity, and gain insight on data to anticipate individual customers needs.

IBM’s leadership role in analytics has been established through a thoughtful strategy that required the expansion of R&D, acquisition and business initiatives across its hardware software and services portfolio.

As part of today’s news, IBM announced the availability of its industry-leading social software platform, IBM Connections.

IBM Connections incorporates sophisticated analytics capabilities, real-time data monitoring, and faster collaborative networks both inside and outside the organization, whether on premise, in the IBM SmartCloud or using a broad range of mobile devices.

You can check out a demo here.

IBM Customers Becoming More Social

IBM also announced today that leading companies around the globe, including Bayer MaterialScience, Colgate-Palmolive Company, LeasePlan, Primerica and Teach for America, are using its social software to achieve real returns on their social business investments.

The rise of social media is prompting business leaders, from the CMO to the chief HR officer to the CIO, to evaluate how to create opportunities that drive business transformation through the use of social technology, creating real business value.

At the same time, business leaders lack the tools to gain insight into the enormous stream of information and use it in a meaningful way. According to IBM’s CEO Study, today only 16 percent of CEOs are using social business platforms to connect with customers, but that number is poised to spike to 57 percent within the next three to five years.

Do you want to know what becoming a social business can do for your company? This video will help you understand how you can create exceptional customer experiences and a smarter workforce to empower your business. Find out how you can compete with — and win against — the world’s best by giving customers what they want. You can view the video here: http://bit.ly/SASGdi

A recent IBM study of more than 1,700 chief marketing officers reveals 82 percent plan to increase their use of social media over the next three to five years.

“To truly realize the full potential of a social business, leaders need to empower a company’s most vital asset — the information being generated from its people,” said Alistair Rennie, general manager, social business, IBM. “Now is the time for business leaders to embed social into their key business processes to shift their business from the era of ‘liking’ to ‘leading’.”

Social ROI

Today, more than 60 percent of the Fortune 100 have licensed IBM social software. There is strong demand for IBM’s social business platform in regulated industries, with 41 percent of Connections 4 beta participants in banking, finance and healthcare institutions.

Primerica, a leading distributor of financial products in North America, will utilize Connections and WebSphere Portal, to transform how its agents engage with its 2.3 million policy holders on the fly, to provide increased value for its customers.

The company plans to use social business software to improve the overall client experience, drive competitive edge and stay on the forefront of innovation in the financial services industry.  You can read more details on Primerica’s adoption of IBM social software here.

And in the video at the bottom of this post, you can check out my interview with Digital Influence Group’s Glenn Engler about the challenges and opportunities for social media in heavily regulated industries.

Expanding IBM Social Capabilities In Key Growth Markets

To support the burgeoning demand for social business solutions in growth markets, in the fourth quarter of 2012 IBM will open two social business customer support centers to serve IBM’s Asia-Pacific and Latin American clients.

Located in Manilla, the Philippines, and Sao Paolo, Brazil, these centers will support the rapid adoption of social business tools in these growth markets. The Philippines and Brazil centers join a roster of IBM social business centers in North America, Dublin, Japan, China and India.

IBM’s growing business partner network of more than 39,000 business partners are also bringing new, cutting-edge capabilities to IBM’s social platform every day in areas including gamification, video, compliance, project management and mobility.

For example, Actiance provides leading compliance capabilities to thousands of organizations globally, SugarCRM helps sellers use social networking and analytics for effective selling, and Bunchball provides gamification capabilities to IBM Connections.

Making New Connections With IBM Connections Social Software

IBM Connections, a cornerstone of IBM’s social platform, is available on premise, in the cloud, and on a broad range of mobile devices.

IBM Connections integrates activity streams, calendaring, wikis, blogs, a new email capability, and more, and flags relevant data for action. It allows for instant collaboration with one simple click and the ability to build social, secure communities both inside and outside the organization to increase customer loyalty and speed business results.

The new Connections mail capability provides simplified access to email within the context of the social networking environment.

Empowering Your Employees

The new capabilities empower employees from every line of business, such as marketing, human resources and development to gain actionable insight into the information being generated in their social networks.

For example, the Connections landing page features a single location that allows users to view and interact with content from any third party solution through a social interface, right alongside their company’s content, including email and calendar.

The embedded experience of the news feed, also known as an activity stream, allows employees from any department inside an organization to explore structured and unstructured data such as Twitter feeds, Facebook posts, weather data, videos, log files, SAP applications, electronically sign documents, and quickly act on the data as part of their everyday work experience.

To learn more about IBM’s social business initiative, participate in a simulcast on September 13, 2012 at 1 PM ET at bit.ly/Pn9sqd or sign-up to attend IBM’s Connect conference in January 2013.

For more information, please visit www.ibm.com/press/socialbusiness.

IBM blogger and tech evangelist Todd “Turbo” Watson interviews Digital Influence Group CEO Glenn Engler at SXSW Interactive 2012 about the opportunities and challenges of social media for heavily regulated industries.

Live @ IBM Smarter Commerce Global Summit — Opening Keynote Debrief: Motivate the Elephant

leave a comment »

Click to enlarge. The IBM Smarter Commerce Global Summit kicked off earlier today in Orlando, Florida. Over 200 IBM executives, industry specialists, and other thought leaders will be sharing their insights and expertise there over the next three days, including factoids like those seen in the infographic above.

If you love nothing else about IBM’s Smarter Commerce initiative, you have to love the fact that it’s driven by results.

Here in Orlando, day one of the IBM Smarter Commerce Global Summit has already revealed some of those facts, or business outcomes, that demonstrate the power of a more integrated customer experience in action.

By way of example: I mentioned earlier via Twitter that over $27 billion in sales generated by the Internet Retailers Top 500 is powered by IBM Commerce software.

Another example: IBM manages $57 billion in annual procurement spend managed on behalf of our clients.

Yet another: IBM analyzes over $100 billion of commerce transactions each year in the cloud and conveys that insight back to our customers.

But those are results on the so-called “back-end.”

Let’s turn our attention for a moment to the newly empowered consumer: 86 percent of them use multiple channels in their shopping efforts, and they spend four to five times more than the average.

Four in ten smartphone users search for an item while in the store, and yet online sales via mobile devices were up 300 percent over 2010.

Or how about this one: 77 percent of the global population are now mobile subscribers.

That’s an immense opportunity.

Guy Kawasaki On Enchanted Customers

As former Apple evangelist and social media thought leader and author Guy Kawasaki kicked off today’s keynote session here at the IBM Smarter Commerce Global Summit, he explained to the audience that we had over 200 interesting and very valuable sessions of the audience’s peers and outside industry experts sharing their own insights.

He began with the notion of the “chief executive customer,” that is to say, with placing customers at the center of the commerce experience.

Citing his own book, “Enchantment,” Kawasaki revealed there are three pillars for building enchantment with your customers. One, you have to be likable. Two, you must achieve trustworthiness. And three, you have to do something “DICEE” (the acronym which translated to “Deep,” “Intelligent,” “Complete,” “Empowering,” and “Elegant.”)

Kawasaki shared some compelling examples of which he spoke. After running into Virgin mega CEO Richard Branson at a speaking engagement in Moscow, Branson cornered Kawasaki and asked him the ill-fated question: Do you fly on Virgin Airlines?

Kawasaki admitted that, as a loyal United customer, he did not. Branson then used his charm and personality, and even a quick shoe shine, to convince Kawasaki he should reconsider.

Kawasaki now also flies on Virgin.

The Legend Continues…

After some other amusing anecdotes, Kawasaki turned the rostrum over to Craig Hayman, IBM’s general manager, Industry Solutions.

Hayman talked about examples of businesses that have had to completely reinvent themselves (Play-Doh, the children’s product, used to be a cleaning goop used prior to World War II!).

Hayman explained that the rate and pace of change in today’s marketplace is soaring, but that ultimately the customer “owns the transaction.”

“If you disappoint them,” Hayman explained, “they’re going to share their point of view (especially via the social media!) and then move on.”

Hayman handed the reins over to Lenovo senior VP of supply chain, Jerry Smith, who explained that Lenovo is a $30 billion global personal technology company with 27,000+ employees and customers in 160+ countries.

Partnering with IBM, Smith explained, Lenovo rebuilt its company around a global supply chain vision whose goal was simple yet straightforward: To become the undisputed #1 supply chain in personal technology by providing a best-in-class customer experience.

As Smith related to the gathered audience, “We need you (Lenovo’s sales force and partners) to sell product on the water,” meaning those units which were already on ships leaving China heading for parts around the globe.

Lenovo’s supply chain overhaul saw delivery performance go up by 15 percent, and onboarding costs/time down some 85 percent, giving them better negotiating leverage, higher order speeds, and leaner inventory, a must for the PC business.

The Grass Always Grows At Husqvarna

Smith’s handoff was to two executives from Husqvarna, the 300+ year-old company that, these days, specializes in outdoor equipment.

Think chain saws and lawn mowers.

“Grass always grows,” explained John Marchionda, Husqvarna’s VP of marketing, as his counterpart from IT, Simon Howard, nodded his head in agreement.

Husqvarna’s most recent marketing investments include a social video education space on its website that are both sales force and tutorial, explaining the likes of using chain saws safely, and effectively, and helping turn the inventory in the process.

The last IBM customer to “testify” in the morning session was Aditya Bhasin, the senior VP for Consumer Marketing and Digital Banking.

“People trust other people, not institutions,” explained Bhasin. He and his team are using that knowledge to make banking better, combining the best of human interaction with a more robust and effective technology system.

One example: “BankAmeriDeals,” a form of digital couponing that combines buyer behaviors, shopping, and payment systems to bring more value to its customers in direct savings on purchases.

Another: Its new Facebook branch, which is helping match consumers with local ATMs and bank branches, and helping answer customer questions through a medium they’re most comfortable with.

Change Is A Four Letter Word

The co-author of Switch: How to Change Things When Change Is Hard, Dan Heath, batted clean-up in the morning session by talking about a theme universal to many of IBM Smarter Commerce clients’ initiatives: Change.

“Change is a four-letter word for a lot of people,” Heath explained, before challenging the audience to think about “what happens when you leave Orlando?  Will the change you envision be a change you are willing to fight for?”

Heath explained that change is definitely within the art of the possible: We’re certainly optimistic about change the moment we decide to get married.

With much laughs from the audience, and Heath’s wedding album pictures onscreen as pudding proof, Heath explained that change is made more difficult by the battling two sides of our brains: The Rational, Conscious, and Deliberative side, and the Emotional, Unconscious, and Automatic side.

The emotional side is like a big elephant in our heads, the little devil telling us “We deserve ice cream” or “Call my ex.”

The rational side…well, we like to often ignore that side.

To make his thesis actionable, Heath explained a three-part framework for thinking about change.

One, he explained, we have to “direct the rider.” Point to the way you want to change and “find the bright spots,” those areas of opportunity where you’ve already succeeded.

Second, “motivate the elephant” — give them a compelling reason to change.

And finally, “shape the path,” for change.

That is, “cultivate a culture that’s more conducive to change” and encourages more people to participate.

Facebook Up Front

with one comment

There’s nothing like the looming shadow of the largest Internet-related IPO in history to bring out all the Debbie Downers.

Mind you, I’m in a two-day meeting in Raleigh with my teammates, so I’m supposed to be paying attention to what’s going on inside these four walls.  And I mostly am.

But, I simply could not ignore this headline sent to me via email by a fellow colleague (just to demonstrate the continued critical importance of personal word-of-mouth recommendations…I can’t find out everything from watching “The View”, now, can I?): GM To Stop Advertising On Facebook.

This on the first scroll of The Wall Street Journal this afternoon.

It would be easy enough to dismiss this headline considering the source, News Corporation, which owns the Journal, which is competing for essentially the same advertising dollars never mind that they also own that little used social network, MySpace, which once-upon-a-time was the bell of the social networking ball — but, it’s General Motors, the U.S.’ third largest advertiser in a critical category for advertising (automobiles).

According to the story, GM has spent some $40 million on its Facebook presence and plans to stop advertising there “after the company’s marketing executives determined their paid ads had little impact on consumers.” However, it also points out GM will continue to expand its use of marketing through Facebook’s pages, which is essentially free real estate.

In this case, it seems that the “owned” media is outpacing the “paid.”

On the other side of Madison Avenue, AP-CNBC recently conducted a poll that indicated more than half (57 percent) of Facebook users polled said they never click on ads or other sponsored content when they use the site. Only 4 percent say they often click on ads.

This isn’t exactly a canary in Facebook’s coal mine, however.

As I’ve tried to point out to my own troops, the shift in attention to the Facebook platform cannot be denied — U.S. Internet users now spend 20% of their surfing time there, and as Facebook creates more intersections between entertainment, retail, and commerce, I would expect that number to go up, not down!

So what if people don’t click on an ad for the new Escalade — there’s a pretty good chance a few millions of the right people saw those ads, and quite frankly, if folks’ attention is moving from the big screen to the small (and, via mobile, to the smaller), then the attention deficit economy must eventually witness the transition of ad dollars in some semblance of parity, which heretofore hasn’t happened.

It doesn’t escape my notice that this news emerges the very same week that the big broadcasters are holding their “upfronts,” where they try to sell their $60 billion of inventory as much in advance as possible for the next year to advertisers, their agencies, etc.

The New York Times’ Amy Chozick penned a piece today explaining some of the festivities at this year’s upfronts. An excerpt: “At the Fox Party on Monday, the judges for the show ‘MasterChef,’ Gordon Ramsay, Graham Elliot, and Joe Bastianich, will personally serve a menu that includes organic salmon ceviche and a deconstructed Caesar salad accompanied by brioche Twinkies.”

Fox will be serving “veal meatballs with black truffles” along with “Manhattan mules,” a combination of vodka, ginger beer, and lime.

Traditional advertising’s Rome is burning, so why not throw a cocktail party and drink mint juleps as the last vestiges of appointment programming disappear into the Nielsen viewer diary of history?

The dirty little secret is this: We’re entering into a world where the absence of data is going to be replace by an abundance of data.  Moving forward, Facebook’s problem with advertisers will not be whether or not they can share information about the platform’s advertising performance, but more importantly, which data, about which demographic, on what platform, etc.?

There will be more information than most advertisers can consume effectively, particularly those more schooled in Nielsen “set meters” than A/B splits and multivariate testing.

Yeah, sure, go ahead and pile on the new kid on the block.  Mark Zuckerberg’s about to take away those truffles and Manhattan mules and your annual party is moving from up front to out back.  I’d be mad, too.

But that doesn’t change the fact that the advertising world is changing, and the big screen is about to be replaced by one that will get smaller and smaller, but one that will be more and more valuable to marketers.

Warning Against Your Insecurities: The 2011 IBM X-Force Trend And Risk “Poltergeist”

leave a comment »

WARNING: This is an exceptionally long post intended for security and privacy geeks everywhere, including sys admins, Internet security hawks, CIOs, and innocent but interested bystanders everywhere.  No web servers were hacked in the preparation of this report: at least, none by me!

Okay, troopers, it’s that time of year again.  You know, the time when IBM releases its report card for security incidents, the X-Force Trend and Risk Report.

Google has the search “Zeitgeist” every year, we have the security “poltergeist!”

This time around, we’re looking back at the wild and wacky 2011, a year which showed surprising improvements in several areas of Internet security. Improvements, you ask?  Surely you jest, Turbo.

This figure from the 2011 IBM X-Force Trend And Risk Report shows a steady decline in the instances of input control related vulnerabilities such as cross-site scripting (XSS) and SQL injection since X-Force began recording these statistics in 2007. In 2011, the statistics suggest that the likelihood of encountering XSS in a given test continues to decrease but shows signs of leveling out at approximately a 40 percent chance of occurring. Injection vulnerabilities and specifically SQL injection appears to have leveled out at around a 20 percent chance of occurring in a given test.

No, no, there IS some good news.  Like a reduction in application security vulnerabilities, exploit code and spam.

But, good news leads to less good news on this front, as many of you who follow security well know, because the bad guys are being forced to rethink their tactics by targeting more niche IT loopholes and emerging technologies such as social networks and mobile devices.

The Top Line: Less Spam, More Adaptation

To get specific, the X-Force 2011 Trend and Risk Report demonstrated a 50 percent decline in spam email compared to 2010.

2011’s poltergeist saw a diligent patching of security vulnerabilities by software vendors, with only 36 percent of those vulnerabilities remaining unpatched in 2011 (compared to 43 percent in 2010).  The year also saw a higher quality of software application code, as seen in web-app vulnerabilities called “cross-site scripting” that were half as likely to exist in clients’ software as they were four years ago.

So, the net is, the bad guys are adapting their techniques to the changing tech environment. The report uncovered a rise in emerging attack trends including mobile exploits, automated password guessing, and a surge in phishing attacks.

It also witnessed an increase in automated shell command injection attacks against web servers, which may well be a response to successful efforts to close off other kinds of Web app vulnerabilities.

The Security Landscape Glass Half Full: Decrease In Unpatched Vulnerabilities, Exploit Code, And Spam

Getting even more specific, according to the report, there are several positive trends as companies adjusted their security policies in 2011:

  • Thirty percent decline in the availability of exploit code. When security vulnerabilities are disclosed, exploit code is sometimes released that attackers can download and use to break into computers. Approximately 30 percent fewer exploits were released in 2011 than were seen on average over the past four years. This improvement can be attributed to architectural and procedural changes made by software developers that help make it more difficult for attackers to successfully exploit vulnerabilities.
  • Decrease in unpatched security vulnerabilities. When security vulnerabilities are publicly disclosed, it is important that the responsible software vendor provide a patch or fix in a timely fashion. Some security vulnerabilities are never patched, but the percentage of unpatched vulnerabilities has been decreasing steadily over the past few years. In 2011 this number was down to 36 percent from 43 percent in 2010.
  • Fifty percent reduction in cross site scripting (XSS) vulnerabilities due to improvements in software quality. The IBM X-Force team is seeing significant improvement in the quality of software produced by organizations that use tools like IBM AppScan OnDemand service to analyze, find, and fix vulnerabilities in their code.  IBM found XSS vulnerabilities are half as likely to exist in customers’ software as they were four years ago. However, XSS vulnerabilities still appear in about 40 percent of the applications IBM scans. This is still high for something well understood and able to be addressed.
  • Decline in spam. IBM’s global spam email monitoring network has seen about half the volume of spam email in 2011 that was seen in 2010. Some of this decline can be attributed to the take-down of several large spam botnets, which likely hindered spammers’ ability to send emails. The IBM X-Force team witnessed spam evolve through several generations over the past seven years as spam filtering technology has improved and spammers have adapted their techniques in order to successfully reach readers.

The Security Landscape Glass Half Empty: Attackers Adapt Their Techniques in 2011

Even with these improvements, there has been a rise in new attack trends and an array of significant, widely reported external network and security breaches.

This figure from the 2011 IBM X-Force Trend And Risk Report shows an increase in mobile operating system exploits in 2011 due to an uptick in malicious activity targeting mobile devices. Because of the two-tiered relationship between phone end users, telecommunications companies, and mobile operating system vendors, disclosed mobile vulnerabilities can remain unpatched on phones for an extended period of time, providing a large window of opportunity to attackers.

As malicious attackers become increasingly savvy, the IBM X-Force documented increases in three key areas of attack activity:

  • Attacks targeting shell command injection vulnerabilities more than double. For years, SQL injection attacks against web applications have been a popular vector for attackers of all types. SQL injection vulnerabilities allow an attacker to manipulate the database behind a website. As progress has been made to close those vulnerabilities – the number of SQL injection vulnerabilities in publicly maintained web applications dropped by 46 percent in 2011– some attackers have now started to target shell command injection vulnerabilities instead. These vulnerabilities allow the attacker to execute commands directly on a web server. Shell command injection attacks rose by two to three times over the course of 2011. Web application developers should pay close attention to this increasingly popular attack vector.
  • Spike in automated password guessing – Poor passwords and password policies have played a role in a number of high-profile breaches during 2011. There is also a lot of automated attack activity on the Internet in which attacks scan the net for systems with weak login passwords. IBM observed a large spike in this sort of password guessing activity directed at secure shell servers (SSH) in the later half of 2011.
  • Increase in phishing attacks that impersonate social networking sites and mail parcel services – The volume of email attributed to phishing was relatively small over the course of 2010 and the first half of 2011, but phishing came back with a vengeance in the second half, reaching volumes that haven’t been seen since 2008. Many of these emails impersonate popular social networking sites and mail parcel services, and entice victims to click on links to web pages that may try to infect their PCs with malware. Some of this activity can also be attributed to advertising click fraud, where spammers use misleading emails to drive traffic to retail websites.

Emerging Technologies Create New Avenues for Attacks

New technologies such as mobile and cloud computing continue to create challenges for enterprise security.

  • Publicly released mobile exploits rise 19 percent in 2011. This year’s IBM X-Force report focused on a number of emerging trends and best practices to manage the growing trend of “Bring your Own Device,” or BYOD, in the enterprise. IBM X-Force reported a 19 percent increase over the prior year in the number of exploits publicly released that can be used to target mobile devices. There are many mobile devices in consumers’ hands that have unpatched vulnerabilities to publicly released exploits, creating an opportunity for attackers. IT managers should be prepared to address this growing risk.
  • Attacks increasingly relate to social media – With the widespread adoption of social media platforms and social technologies, this area has become a target of attacker activity. IBM X-Force observed a surge in phishing emails impersonating social media sites. More sophisticated attackers have also taken notice. The amount of information people are offering in social networks about their personal and professional lives has begun to play a role in pre-attack intelligence gathering for the infiltration of public and private sector computing networks.
  • Cloud computing presents new challenges – Cloud computing is moving rapidly from emerging to mainstream technology, and rapid growth is anticipated through the end of 2013. In 2011, there were many high profile cloud breaches affecting well-known organizations and large populations of their customers. IT security staff should carefully consider which workloads are sent to third-party cloud providers and what should be kept in-house due to the sensitivity of data. Cloud security requires foresight on the part of the customer as well as flexibility and skills on the part of the cloud provider. The IBM X-Force report notes that the most effective means for managing security in the cloud may be through Service Level Agreements (SLAs) because of the limited impact that an organization can realistically exercise over the cloud computing service. Therefore, careful consideration should be given to ownership, access management, governance and termination when crafting SLAs. The IBM X-Force report encourages cloud customers to take a lifecycle view of the cloud deployment and fully consider the impact to their overall information security posture.

The IBM X-Force 2011 Trend and Risk Report is based on intelligence gathered by one of the industry’s leading security research teams through its research of public vulnerability disclosures findings from more than 4,000 clients, and the monitoring and analysis of an average of 13 billion events daily in 2011.

“In 2011, we’ve seen surprisingly good progress in the fight against attacks through the IT industry’s efforts to improve the quality of software,” said Tom Cross, manager of Threat Intelligence and Strategy for IBM X-Force. “In response, attackers continue to evolve their techniques to find new avenues into an organization. As long as attackers profit from cyber crime, organizations should remain diligent in prioritizing and addressing their vulnerabilities.”

You can learn more about IBM Security Solutions here.

%d bloggers like this: