Discover Performance

HP Software's community for IT leaders // June 2012

Security challenges 2012: Changing attack vectors, new infrastructures

The HP DVLabs Cyber Security Risks Report shows that new attack motives, including social and environmental causes, mean organizations must change how they think about enterprise application security.

For most of the last decade, it was safe to assume that profit was the primary driver behind most cybercrime. But we're in a new era now, concludes the HP TippingPoint DVLabs 2011 Top Cyber Security Risks Report. Today, state-sponsored espionage and agenda-driven "hacktivism" are close seconds to profit as an attack motive, if not its lockstep peers.

The hacktivist group Anonymous consistently made headlines throughout 2011, attacking numerous organizations for a variety of causes. As the report points out, social media is facilitating the viral nature of these distributed attacks, while the plummeting costs of technology and Internet access create a low barrier to entry for would-be hackers.

The bottom line: Changes in attack motivation are increasing enterprise security risk for organizations around the globe. Companies must familiarize themselves with the characteristics of this class of attack and reassess their defense techniques.

Other key findings from this year's report include:

  • Non-traditional enterprise infrastructures introduce many new opportunities for exploitation. Virtualization, cloud computing and especially mobile computing are rich sources of potential security vulnerabilities. With mobile device adoption quickly outpacing traditional clients, this infrastructure in particular will have a huge impact on enterprise security in coming years. Mobile browser exploits and multi-vector compound attacks using a browser, SMS and email are appearing more frequently. Meanwhile, inadequate encryption is a widespread problem in mobile application services.
  • There is a greater number of overall attacks but a declining number of attack vectors. Vulnerabilities reported in commercial applications declined 19.5 percent from 2010, but this is creating a false sense of security. The number of high-severity attacks, as measured by HP TippingPoint Intrusion Protection System, more than doubled in the second half of 2011. Hackers are more consistently targeting custom applications, especially ones that utilize the Web.
  • Web-based applications are especially vulnerable. Four of the six most commonly reported web application security vulnerabilities are exclusively exploited via the Web. Furthermore, researchers found that Web and cloud-based applications generally expose a greater attack surface, making it more likely that a hacker will find exploitable web application vulnerabilities. As a result, there were almost 50 percent more Web application attacks in 2011 than in 2010. Security mistakes in Web applications are prevalent and widespread, even in large enterprises with an active mobile app security program in place.

The full report includes detailed analysis of web application risk and statistics on the prevalence of the most frequent mobile application security vulnerabilities. It also shares key findings on the emerging attack vectors of smartphones and other mobile devices.

To learn more about these trends as well as a full breakdown of current Web application attack techniques, download the full 2011 Cyber Security Risks Report from HP DVLabs. 

