HPE Business Insights

Cyber risk report: Is your security vulnerable in these key areas

Alec_Wagner on ‎03-27-2013 06:00 AM

Although it’s being promoted as a “risky read,” this month’s lead story on Discover Performance is a sure bet for security-minded IT leaders (and that should be all IT leaders). “Hackers target mobile platforms and older avenues” explores the HP 2012 Cyber Risk Report, an up-to-the-minute assessment of top vulnerabilities and strategic lapses that vex today’s enterprises.

 

Here are some key findings from the report:

 

Critical vulnerabilities declined, but still pose a mammoth risk

 

In 2012, high-severity vulnerabilities made up 20 percent of all vulnerabilities reported, down from 23 percent in 2011. Still, the HP report stresses that nearly one in five vulnerabilities can provide hackers with full control of a target.

 

Everything old is new again

 

When the Department of Homeland Security recommended that everyone disable the Oracle Java SE platform, it was a reminder that even mature technologies can fall prey to new exploits. In 2012, Supervisory Control And Data Acquisition (SCADA) system vulnerabilities shot up 768 percent over the past four years. The lesson here: Sticking a web front end on devices not intended to be web-connected opens them up to security vulnerabilities—and most industries that do so simply aren’t prepared to deal with the impact.

 

Web applications also remain vulnerable to a variety of attack types. Of the six vulnerability types most frequently submitted from 2000 through 2012, four—SQL injection, cross-site scripting, cross-site request forgery, and remote file includes—primarily or exclusively occur via the web.

 

Mobile vulnerabilities are on the rise

 

New technology is also introducing new vulnerabilities. The mobile device deluge has—surprise!—been accompanied by a tidal wave of mobile application vulnerabilities. In the past five years, the report found a 787 percent increase in the rate of mobile application vulnerability disclosure. Potential security issues also ride the tide of new mobile tech such as near-field communication.

 

With more than 77 percent of their tested applications vulnerable to information leakage, mobile app developers seem to be mirroring the mistakes that web developers have been making for years. Slightly less than half (48 percent) of the tested apps were susceptible to unauthorized-access vulnerabilities, which an attacker can use to perform unauthorized actions (privilege escalation, for one).

 

Although mobile platforms are still a leading growth area for vulnerabilities, mature technologies, and particularly web applications, are still significant sources of vulnerability.

 

To learn more, read the HP 2012 Cyber Risk Report and visit HP Security Research.

About the Author

Alec_Wagner

Alec Wagner is a longtime writer & editor, enterprise IT insider, and (generally) fearless digital nomad.
