Read the Cyber Risk Report
The 2016 edition of HPE’s annual security research Cyber Risk Report came out last week and it details a threat landscape rife with old, familiar problems and some newer but known issues.
While the Cyber Risk Report covers multiple areas drawing on the work of HPE Security Research, it focuses on the nature of the vulnerabilities that leave organizations open to risk, how cyber attackers take advantage of those vulnerabilities, and the steps it recommends security professionals take.
Key Findings in the Report:
Cybercrime is on the rise. If the year 2014 was unofficially known as the Year of the Breach, then 2015 could be called the Year of Collateral Damage, according to the report. Cyber attacks touched people who never dreamed they might be involved in a security breach. Both the United States Office of Personnel Management (OPM) and the Ashley Madison breaches affected those who never had direct contact with either entity, or whose information resided in their networks only as it related to someone else, explains the report.
The report also studies the fact that overarching regulations push research underground and that political pressures are attempting to decouple privacy and security efforts. Organizations must follow the changing legislative activity closely and maintain a flexible security approach, advises the report.
The most exploited bug from 2014 happened to be the most exploited bug in 2015 as well, because end users are still not installing patches. Major software companies are releasing more patches than ever, yet this strains the resources of both the vendor developing the patch and the customer deploying it. The most common excuse given by those who disable automatic updates or fail to install patches, says the report, is that patches break things. The report also recommends that software companies move from patches to defensive measures that prevent classes of attacks.
Another key finding is that the traditional network perimeter has disappeared and attack surfaces have grown. Attackers have shifted their efforts from servers and operating systems directly to applications. They see this as an easy route to accessing sensitive enterprise data. The report helps security professionals understand the risk of interconnectivity and the need to take steps to protect the interactions between users, applications and data regardless of location or device.
Lastly, the report details that malware has evolved from being simply disruptive to a revenue-generating activity and is the new focus of attackers. So-called “ransomware” attacks are on the rise and target enterprises and individuals, requiring both increased awareness and preparation on the part of security professionals to avoid the loss of sensitive data.
The HPE Cyber Risk Report 2016 challenges readers to rethink how and where their organizations can be attacked and take steps to minimize damage. Remember, breaches are no longer a question of “if” but “when.”
Related Videos and Webinar:
HPE Security Products senior vice president and general manager, Sue Barsamian, provides an overview of the threat landscape and a behind-the-scenes discussion with three of the security researchers who dedicate their careers to helping the security community better understand the threats their organizations face.
See Us at RSA
HPE will be addressing the latest trends in enterprise security at the RSA Conference 2016, taking place February 29 – March 4 in San Francisco. See our blog post, We are Serious about Security at RSA, for more information, and see us at HPE Security Booth #3411.