Live
- GMR Airports Unveils AI-Powered Digital Twin Platform to Transform Airport Operations
- India poised to become leading maritime player: PM Modi
- Top Causes of Kidney Stones and How to Recognize Silent Symptoms
- India’s renewable energy capacity logs 14.2 pc growth at 213.7 GW
- Winter Session of Odisha Assembly adjourned sine die
- Biden calls Trump's tariff approach 'major mistake'
- After Drama Over Eknath Shinde’s Chief Minister Race, Maharashtra Cabinet Formation Faces New Tensions
- Egyptian FM, Blinken discuss recent developments in Syria
- Iran's supreme leader says Syria's developments result of US-Israeli 'plot'
- Elon Musk to Purchase $100 Million Luxury Mansion Next to Donald Trump's Mar-a-Lago, Report Reveals
Just In
Security Threat Landscape Still Plagued by Known Issues, says HP
Security Threat Landscape Still Plagued By Known Issues, Says HP. HP today published the 2015 edition of its annual Cyber Risk Report, providing in-depth threat research and analysis around the most pressing security issues plaguing the enterprise during the previous year and indicating likely trends for 2015.
Bangalore: HP today published the 2015 edition of its annual Cyber Risk Report, providing in-depth threat research and analysis around the most pressing security issues plaguing the enterprise during the previous year and indicating likely trends for 2015.
Authored by HP Security Research, the report examines the data indicating the most prevalent vulnerabilities that leave organizations open to security risks. This year’s report reveals that well-known issues and misconfigurations contributed to the most formidable threats in 2014.
“Many of the biggest security risks are issues we’ve known about for decades, leaving organizations unnecessarily exposed,” said Jyoti Prakash, Country Director, India and SAARC countries, HP Enterprise Security Products (ESP). “We can’t lose sight of defending against these known vulnerabilities by entrusting security to the next silver bullet technology; rather, organizations must employ fundamental security tactics to address known vulnerabilities and in turn, eliminate significant amounts of risk.”
Highlights and key findings
- 44 percent of known breaches came from vulnerabilities that are 2-4 years old. Attackers continue to leverage well-known techniques to successfully compromise systems and networks. Every one of the top ten vulnerabilities exploited in 2014 took advantage of code written years or even decades ago.
- Server misconfigurations were the number one vulnerability. Over and above vulnerabilities such as privacy and cookie security issues, server misconfigurations dominated the list of security concerns in 2014, providing adversaries unnecessary access to files that leave an organization susceptible to an attack.
- Additional avenues of attack were introduced via connected devices. In addition to security issues presented via Internet of Things (IoT) devices, 2014 also saw an increase in the level of mobile malware detected. As the computing ecosystem continues to expand, unless enterprises take security into consideration, attackers will continue to find more points of entry.
- The primary causes of commonly exploited software vulnerabilities are defects, bugs, and logic flaws. Most vulnerabilities stem from a relatively small number of common software programming errors. Old and new vulnerabilities in software are swiftly exploited by attackers.
Key recommendations
- A comprehensive and timely patching strategy should be employed by network defenders to ensure systems are up-to-date with the latest security protections to reduce the likelihood of these attacks succeeding.
- Regular penetration testing and verification of configurations by internal and external entities can identify configuration errors before attackers exploit them.
- Mitigate risk being introduced to a network prior to the adoption of new technologies. With emerging technologies like Internet of Things (IoT), it is imperative for organizations to protect against potential security vulnerabilities by understanding new avenues of attack before they are exploited.
- Collaboration and threat intelligence sharing is key to cooperatively addressing threats across the security industry. This enables organizations to gain insight into adversarial tactics, allowing for more proactive defense, strengthened protections offered in security solutions, and an overall safer environment.
- Complementary protection strategy should be adopted with a continuous “assume-breach” mentality. There is no silver bullet solution, and defenders should implement a complementary, layered set of security tactics to ensure the best defense.
Related videos
Cyber Risk Report 2015: Executive Overview – HP Enterprise Security Products General Manager, Art Gilliland, provides an overview of the threat landscape and introduction to this year’s report.
Methodology
The HP Cyber Risk Report is published annually by HP Security Research, leveraging a number of internal and external sources to identify, research and analyze the findings, including the HP Zero Day Initiative, HP Fortify on Demand security assessments, HP Software Security Research and ReversingLabs. Additional information on the methodology can be found in the full report.
HP enables organizations to take a proactive approach to security, disrupting the life cycle of an attack through prevention and real-time threat detection. With market-leading products, services and innovative research, HP Enterprise Security enables organizations to integrate information correlation, application analysis and network-level defense. Additional information about HP Enterprise Security can be found at www.hp.com/go/esp.
Join HP Software on Linkedin and follow @HPSoftware on Twitter. To learn more about HP Enterprise Security Products on Twitter, please follow @HPsecurity and join HP Enterprise Security on Linkedin.
© 2024 Hyderabad Media House Limited/The Hans India. All rights reserved. Powered by hocalwire.com