Discover Performance: HP Software's community for IT leaders // June 2012
Security challenges 2012: Changing attack vectors, new infrastructures
The HP DVLabs Cyber Security Risks Report shows that new attack motives, including social and environmental causes, mean organizations must change how they think about enterprise application security.
For most of the last decade it was safe to assume that profit was the primary driver behind most cybercrime. But we’re in a new era now, concludes the HP TippingPoint DVLabs 2011 Top Cyber Security Risks Report. Today, state-sponsored espionage and agenda-driven "hacktivism" are close seconds, if not lockstep peers, of profit as an attack motive.
The hacktivist group Anonymous consistently made headlines throughout 2011, attacking numerous organizations for a variety of causes. As the report points out, social media is facilitating the viral nature of these distributed attacks, while the plummeting costs of technology and Internet access create a low barrier to entry for would-be hackers.
The bottom line: Changes in attack motivation are increasing enterprise security risk for organizations around the globe. Companies must familiarize themselves with the characteristics of this class of attack and reassess their defense techniques.
Other key findings from this year's report include:
- Non-traditional enterprise infrastructures introduce many new opportunities for exploit. Virtualization, cloud computing and especially mobile computing are rich sources of potential security vulnerabilities. With mobile device adoption quickly outpacing traditional clients, this infrastructure in particular will have a huge impact on enterprise security in coming years. Mobile browser exploits and multi-vector compound attacks using a browser, SMS and email are appearing more frequently. Meanwhile, inadequate encryption is a widespread problem in mobile application services.
- There is a greater number of overall attacks but a declining number of attack vectors. Vulnerabilities reported in commercial applications declined 19.5 percent from 2010, but this is creating a false sense of security. The number of high-severity attacks, as measured by HP TippingPoint Intrusion Protection System, more than doubled in the second half of 2011. Hackers are more consistently targeting custom applications, especially ones that utilize the Web.
- Web-based applications are especially vulnerable. Four of the six most commonly reported web application security vulnerabilities are exclusively exploited via the Web. Furthermore, researchers found that Web and cloud-based applications generally expose a greater attack surface, making it more likely that a hacker will find exploitable web application vulnerabilities. As a result, there were almost 50 percent more Web application attacks in 2011 than in 2010. Security mistakes in Web applications are prevalent and widespread, even in large enterprises with an active mobile app security program in place.
The full report includes detailed analysis of web application risk and statistics on the prevalence of the most frequent mobile application security vulnerabilities. It also shares key findings on the emerging attack vectors of smartphones and other mobile devices.
To learn more about these trends as well as a full breakdown of current Web application attack techniques, download the full 2011 Cyber Security Risks Report from HP DVLabs.