HPE Business Insights

Cyber risk report: Is your security vulnerable in these key areas

Alec_Wagner on ‎03-27-2013 06:00 AM


Although it’s being promoted as a “risky read,” this month’s lead story on Discover Performance is a sure bet for security-minded IT leaders (and that should be all IT leaders). “Hackers target mobile platforms and older avenues” explores the HP 2012 Cyber Risk Report, an up-to-the-minute assessment of top vulnerabilities and strategic lapses that vex today’s enterprises.


Here are some key findings from the report:


Critical vulnerabilities declined, but still pose a mammoth risk


In 2012, high-severity vulnerabilities made up 20 percent of all vulnerabilities reported, down from 23 percent in 2011. Still, the HP report stresses that nearly one in five vulnerabilities can provide hackers with full control of a target.


Everything old is new again


When the Department of Homeland Security recommended that everyone disable the Oracle Java SE platform, it was a reminder that even mature technologies can fall prey to new exploits. In 2012, Supervisory Control And Data Acquisition (SCADA) system vulnerabilities shot up 768 percent over the past four years. The lesson here: Sticking a web front end on devices not intended to be web-connected opens them up to security vulnerabilities—and most industries that do so simply aren’t prepared to deal with the impact.


Web applications also remain vulnerable to a variety of attack types. Of the six vulnerability types most frequently submitted from 2000 through 2012, four—SQL injection, cross-site scripting, cross-site request forgery, and remote file includes—primarily or exclusively occur via the web.


Mobile vulnerabilities are on the rise


New technology is also introducing new vulnerabilities. The mobile device deluge has—surprise!—been accompanied by a tidal wave of mobile application vulnerabilities. In the past five years, the report found a 787 percent increase in the rate of mobile application vulnerability disclosure. Potential security issues also ride the tide of new mobile tech such as near-field communication.


With more than 77 percent of their tested applications vulnerable to information leakage, mobile app developers seem to be mirroring the mistakes that web developers have been making for years. Slightly less than half (48 percent) of the tested apps were susceptible to unauthorized-access vulnerabilities, which an attacker can use to perform unauthorized actions (privilege escalation, for one).


Although mobile platforms are still a leading growth area for vulnerabilities, mature technologies, and particularly web applications, are still significant sources of vulnerability.


To learn more, read the HP 2012 Cyber Risk Report and visit HP Security Research.

About the Author


Alec Wagner is a longtime writer & editor, enterprise IT insider, and (generally) fearless digital nomad.
