From the latest Microsoft Security Intelligence Report it states “In contrast to the decrease in total disclosures, vulnerabilities rated as High severity increased 13% with respect to the second half of 2007, with roughly 48% of all vulnerabilities receiving a rating of High severity. This is still a 28% decline from the first half of 2007.”
While there was a clear spike in 2007, I think there is a clear up-trend in the overall severity of breaches.
What is concerning to me is that there is less sophistication on the defensive side. Most organizations are doing the same old things to protect against (what they think) are the same old attacks. The truth is, the bad guys are out thinking most organizations and while there are technologies and risk mitigation solutions that can be used, most don’t due to lack of focus, time, resources, etc.
