
Cyber risk report: Is your security vulnerable in these key areas?



Although it’s being promoted as a “risky read,” this month’s lead story on Discover Performance is a sure bet for security-minded IT leaders (and that should be all IT leaders). “Hackers target mobile platforms and older avenues” explores the HP 2012 Cyber Risk Report, an up-to-the-minute assessment of top vulnerabilities and strategic lapses that vex today’s enterprises.


Here are some key findings from the report:


Critical vulnerabilities declined, but still pose a mammoth risk


In 2012, high-severity vulnerabilities made up 20 percent of all vulnerabilities reported, down from 23 percent in 2011. Still, the HP report stresses that nearly one in five vulnerabilities can provide hackers with full control of a target.


Everything old is new again


When the Department of Homeland Security recommended that everyone disable the Oracle Java SE platform, it was a reminder that even mature technologies can fall prey to new exploits. In 2012, Supervisory Control And Data Acquisition (SCADA) system vulnerabilities shot up 768 percent over the past four years. The lesson here: Sticking a web front end on devices not intended to be web-connected opens them up to security vulnerabilities—and most industries that do so simply aren’t prepared to deal with the impact.


Web applications also remain vulnerable to a variety of attack types. Of the six vulnerability types most frequently submitted from 2000 through 2012, four—SQL injection, cross-site scripting, cross-site request forgery, and remote file includes—primarily or exclusively occur via the web.


Mobile vulnerabilities are on the rise


New technology is also introducing new vulnerabilities. The mobile device deluge has—surprise!—been accompanied by a tidal wave of mobile application vulnerabilities. In the past five years, the report found a 787 percent increase in the rate of mobile application vulnerability disclosure. Potential security issues also ride the tide of new mobile tech such as near-field communication.


With more than 77 percent of their tested applications vulnerable to information leakage, mobile app developers seem to be mirroring the mistakes that web developers have been making for years. Slightly less than half (48 percent) of the tested apps were susceptible to unauthorized-access vulnerabilities, which an attacker can use to perform unauthorized actions (privilege escalation, for one).


Although mobile platforms are still a leading growth area for vulnerabilities, mature technologies, and particularly web applications, are still significant sources of vulnerability.


To learn more, read the HP 2012 Cyber Risk Report and visit HP Security Research.

About the Author


Alec Wagner is a longtime writer & editor, enterprise IT insider, and (generally) fearless digital nomad.
