- Security TWENTY
- Women in Security
The multi-national HP has published the 2015 edition of its annual Cyber Risk Report, detailing the most pressing security issues, and indicating likely trends for 2015.
Authored by HP Security Research, the report examines the data indicating the most prevalent vulnerabilities that leave organisations open to security risks. Well-known, even decades-old issues and misconfigurations contributed to the most formidable threats in 2014.
Art Gilliland, senior vice president and general manager, Enterprise Security Products, HP, said: “Many of the biggest security risks are issues we’ve known about for decades, leaving organizations unnecessarily exposed. We can’t lose sight of defending against these known vulnerabilities by entrusting security to the next silver bullet technology; rather, organizations must employ fundamental security tactics to address known vulnerabilities and in turn, eliminate significant amounts of risk.”
· 44 percent of known breaches came from vulnerabilities that are two to four years old. Attackers continue to leverage well-known techniques to successfully compromise systems and networks. Every one of the top ten vulnerabilities exploited in 2014 took advantage of code written years or even decades ago.
· Server misconfigurations were the number one vulnerability. Over and above vulnerabilities such as privacy and cookie security issues, server misconfigurations dominated the list of security concerns in 2014, providing adversaries unnecessary access to files that leave an organization susceptible to an attack.
· Other avenues of attack were introduced via connected devices. In addition to security issues presented via Internet of Things (IoT) devices, 2014 also saw an increase in the level of mobile malware detected. As the computing ecosystem continues to expand, unless enterprises take security into consideration, attackers will continue to find more points of entry.
· The primary causes of commonly exploited software vulnerabilities are defects, bugs, and logic flaws. Most vulnerabilities stem from a relatively small number of common software programming errors. Old and new vulnerabilities in software are swiftly exploited by attackers.
The company suggests a continuous “assume-breach” mentality. There is no silver bullet solution, and defenders should implement a complementary, layered set of IT security tactics, the firm says.