BIoT Canada

HPE identifies top risks for businesses today

February 17, 2016  

Hewlett Packard Enterprise (HPE) today published the HPE Cyber Risk Report 2016, identifying the top security threats plaguing enterprises over the past year.

As the traditional network perimeter disappears and attack surfaces grow, security professionals are challenged with protecting users, applications and data — without stifling innovation or delaying enterprise timelines, it said.

This year’s Cyber Risk Report examines the 2015 threat landscape in this context, providing actionable intelligence around key areas of risk including application vulnerabilities, security patching and the growing monetization of malware. The report also highlights important industry issues such as new security research regulations, the “collateral damage” from high profile data breaches, shifting political agendas, and the ongoing debate over privacy and security.

“In 2015, we saw attackers infiltrate networks at an alarming rate, leading to some of the largest data breaches to date, but now is not the time to take the foot off the gas and put the enterprise on lockdown,” said Sue Barsamian, senior vice president and general manager, HPE Security Products, Hewlett Packard Enterprise. “We must learn from these incidents, understand and monitor the risk environment, and build security into the fabric of the organization to better mitigate known and unknown threats, which will enable companies to fearlessly innovate and accelerate business growth.”

The report found that:

  • Mobile applications’ frequent use of personally identifiable information presents significant vulnerabilities in the storage and transmission of private and sensitive information.
  • Approximately 75% of the mobile applications scanned exhibited at least one critical or high-severity security vulnerability, compared to 35% of non-mobile applications.
  • Vulnerabilities due to API abuse are much more common in mobile applications than web applications, while error handling — the anticipation, detection, and resolution of errors — is more often found in web applications.
  • Similar to 2014, the top 10 vulnerabilities exploited in 2015 were more than one year old, with 68% being three years old or more.
  • In 2015, Microsoft Windows represented the most targeted software platform, with 42% of the top 20 discovered exploits directed at Microsoft platforms and applications.
  • 29% of all successful exploits in 2015 continued to use a 2010 Stuxnet infection vector that has been patched twice.

Meanwhile, malware has evolved from being simply disruptive to a revenue-generating activity for attackers. While the overall number of newly discovered malware samples declined 3.6% year-over-year, the attack targets shifted notably in line with evolving enterprise trends and focused heavily on monetization.