Cyber risk report: Is your security vulnerable in these key areas


Although it’s being promoted as a “risky read,” this month’s lead story on Discover Performance is a sure bet for security-minded IT leaders (and that should be all IT leaders). “Hackers target mobile platforms and older avenues” explores the HP 2012 Cyber Risk Report, an up-to-the-minute assessment of top vulnerabilities and strategic lapses that vex today’s enterprises.

 

Here are some key findings from the report:

 

Critical vulnerabilities declined, but still pose a mammoth risk

 

In 2012, high-severity vulnerabilities made up 20 percent of all vulnerabilities reported, down from 23 percent in 2011. Still, the HP report stresses that nearly one in five vulnerabilities can provide hackers with full control of a target.

 

Everything old is new again

 

When the Department of Homeland Security recommended that everyone disable the Oracle Java SE platform, it was a reminder that even mature technologies can fall prey to new exploits. As of 2012, Supervisory Control and Data Acquisition (SCADA) system vulnerabilities had shot up 768 percent over the past four years. The lesson here: Sticking a web front end on devices not intended to be web-connected opens them up to security vulnerabilities, and most industries that do so simply aren’t prepared to deal with the impact.

 

Web applications also remain vulnerable to a variety of attack types. Of the six vulnerability types most frequently submitted from 2000 through 2012, four—SQL injection, cross-site scripting, cross-site request forgery, and remote file includes—primarily or exclusively occur via the web.

 

Mobile vulnerabilities are on the rise

 

New technology is also introducing new vulnerabilities. The mobile device deluge has—surprise!—been accompanied by a tidal wave of mobile application vulnerabilities. In the past five years, the report found a 787 percent increase in the rate of mobile application vulnerability disclosure. Potential security issues also ride the tide of new mobile tech such as near-field communication.

 

With more than 77 percent of their tested applications vulnerable to information leakage, mobile app developers seem to be mirroring the mistakes that web developers have been making for years. Slightly less than half (48 percent) of the tested apps were susceptible to unauthorized-access vulnerabilities, which an attacker can use to perform unauthorized actions (privilege escalation, for one).

 

Although mobile platforms are still a leading growth area for vulnerabilities, mature technologies, and particularly web applications, are still significant sources of vulnerability.

 

To learn more, read the HP 2012 Cyber Risk Report and visit HP Security Research.

About the Author
Alec Wagner is a longtime writer & editor, enterprise IT insider, and (generally) fearless digital nomad.