Data Security Puts Innovation At Risk

The challenge of protecting users, applications and data against cyber-attack continues to grow, and as a result many organizations struggle to keep security issues from disrupting project timelines or stifling innovation.

Those are among the findings of the recent cyber security report issued by Hewlett Packard Enterprise. This year’s HPE Cyber Risk Report 2016 examines the 2015 threat landscape in this context, identifying the top threats from the past year, and provides actionable intelligence around key areas of risk including application vulnerabilities, security patching and the growing monetization of malware.

The report also highlights important industry issues such as new security research regulations, the “collateral damage” from high profile data breaches, shifting political agendas, and the ongoing debate over privacy and security.

“In 2015, we saw attackers infiltrate networks at an alarming rate, leading to some of the largest data breaches to date, but now is not the time to take the foot off the gas and put the enterprise on lockdown,” says Sue Barsamian, senior vice president and general manager at Hewlett Packard Enterprise. “We must learn from these incidents, understand and monitor the risk environment, and build security into the fabric of the organization to better mitigate known and unknown threats, which will enable companies to fearlessly innovate and accelerate business growth.”

Mobile Apps Pose Greater Risks
The security study found that while web applications pose significant risk to enterprises, mobile applications present growing and distinctive risks.

“Mobile applications’ frequent use of personally identifiable information presents significant vulnerabilities in the storage and transmission of private and sensitive information,” the report notes. Indeed, approximately 75 percent of the mobile applications scanned exhibited at least one critical or high-severity security vulnerability, compared to 35 percent of non-mobile applications.

“Vulnerabilities due to API abuse are much more common in mobile applications than web applications, while error handling – the anticipation, detection, and resolution of errors – is more often found in web applications,” the study notes.

Software Vulnerability
Software vulnerability exploitation continues to be a primary vector for attack, the study reports, with mobile exploits gaining traction.

“Similar to 2014, the top ten vulnerabilities exploited in 2015 were more than one year old, with 68 percent being three years old or more,” according to the report. “In 2015, Microsoft Windows represented the most targeted software platform, with 42 percent of the top 20 discovered exploits directed at Microsoft platforms and applications.”

Monetization of Malware
While a lot has been written in recent months about changing motives for cyber-attacks, including personal vendettas or political or religious agendas, profit continues to be the dominant factor.

“Malware has evolved from being simply disruptive to a revenue-generating activity for attackers,” the study notes. “While the overall number of newly discovered malware samples declined 3.6 percent year-over-year, the attack targets shifted notably in line with evolving enterprise trends and focused heavily on monetization.”

Tightening Up Security
In addition to identifying where the greatest threats are, the study looks at what IT leaders and chief information security officers can do to better protect systems, networks, data and customers. The report recommends the following:

Apps are the New Battlefield
“The network perimeter is vanishing; attackers have shifted focus to target applications directly. Security professionals must adjust their approach accordingly, defending not just the edge but the interactions between users, applications and data regardless of location or device.”

Patch or Perish
“2015 was a record year for the number of security vulnerabilities reported and patches issued, but patching does little good if end users don’t install them for fear of unintended consequences. Security teams must be more vigilant about applying patches at both the enterprise and individual user level. Software vendors must be more transparent about the implications of their patches so that end-users aren’t afraid to deploy them.”

Monetization of Malware
“Ransomware attacks targeting the enterprise and individuals are on the rise, requiring both increased awareness and preparation on the part of security professionals to avoid the loss of sensitive data. The best protection against ransomware is a sound backup policy for all important files on the system.”

Prepare for Shifting Politics
Finally, “Cross-border agreements pose challenges for enterprises struggling to keep their systems secure and in compliance. Organizations must follow the changing legislative activity closely and maintain a flexible security approach.”

Information-Management: 
