HPE Business Insights

Cyber risk report: Is your security vulnerable in these key areas

Alec_Wagner on ‎03-27-2013 06:00 AM

Although it’s being promoted as a “risky read,” this month’s lead story on Discover Performance is a sure bet for security-minded IT leaders (and that should be all IT leaders). “Hackers target mobile platforms and older avenues” explores the HP 2012 Cyber Risk Report, an up-to-the-minute assessment of top vulnerabilities and strategic lapses that vex today’s enterprises.


Here are some key findings from the report:


Critical vulnerabilities declined, but still pose a mammoth risk


In 2012, high-severity vulnerabilities made up 20 percent of all vulnerabilities reported, down from 23 percent in 2011. Still, the HP report stresses that nearly one in five vulnerabilities can provide hackers with full control of a target.


Everything old is new again


When the Department of Homeland Security recommended that everyone disable the Oracle Java SE platform, it was a reminder that even mature technologies can fall prey to new exploits. In 2012, Supervisory Control And Data Acquisition (SCADA) system vulnerabilities shot up 768 percent over the past four years. The lesson here: Sticking a web front end on devices not intended to be web-connected opens them up to security vulnerabilities—and most industries that do so simply aren’t prepared to deal with the impact.


Web applications also remain vulnerable to a variety of attack types. Of the six vulnerability types most frequently submitted from 2000 through 2012, four—SQL injection, cross-site scripting, cross-site request forgery, and remote file includes—primarily or exclusively occur via the web.


Mobile vulnerabilities are on the rise


New technology is also introducing new vulnerabilities. The mobile device deluge has—surprise!—been accompanied by a tidal wave of mobile application vulnerabilities. In the past five years, the report found a 787 percent increase in the rate of mobile application vulnerability disclosure. Potential security issues also ride the tide of new mobile tech such as near-field communication.


With more than 77 percent of their tested applications vulnerable to information leakage, mobile app developers seem to be mirroring the mistakes that web developers have been making for years. Slightly less than half (48 percent) of the tested apps were susceptible to unauthorized-access vulnerabilities, which an attacker can use to perform unauthorized actions (privilege escalation, for one).


Although mobile platforms are still a leading growth area for vulnerabilities, mature technologies, and particularly web applications, are still significant sources of vulnerability.


To learn more, read the HP 2012 Cyber Risk Report and visit HP Security Research.

About the Author


Alec Wagner is a longtime writer & editor, enterprise IT insider, and (generally) fearless digital nomad.
