Friday, 19 February 2016 11:02

Top enterprise risks are application vulnerabilities, patching and malware monetisation

By

Cybercriminals are getting smarter, attack sophistication is on the rise and organisations struggle to keep pace with a dissolving perimeter and diversifying platforms.

HPE’s Annual Cyber Risk Report 2016 has identified the top security threats plaguing enterprises over the past year.

As the traditional network perimeter disappears [Cloud, BYOD] and attack surfaces grow, security professionals are challenged with protecting users, applications and data – without stifling innovation or delaying enterprise timelines.

This year’s Cyber Risk Report examines the 2015 threat landscape in this context, providing actionable intelligence around key areas of risk including application vulnerabilities, security patching and the growing monetization of malware. The report also highlights important industry issues such as new security research regulations, the “collateral damage” from high-profile data breaches, shifting political agendas, and the ongoing debate over privacy and security.
 
“In 2015, we saw attackers infiltrate networks at an alarming rate, leading to some of the largest data breaches to date, but now is not the time to take the foot off the gas and put the enterprise on lockdown,” said Shane Bellos, general manager, Enterprise Security Products, Hewlett Packard Enterprise. “We must learn from these incidents, understand and monitor the risk environment, and build security into the fabric of the organisation to better mitigate known and unknown threats, which will enable companies to innovate fearlessly and accelerate business growth.”

Read on for a summary of key findings.

Applications are the New Battlefield
 
While web applications pose a significant risk to enterprises, mobile applications present growing and distinctive risks.

  • Mobile applications’ frequent use of personally identifiable information presents significant vulnerabilities in the storage and transmission of private and sensitive information.  
  • Approximately 75 percent of the mobile applications scanned exhibited at least one critical or high-severity security vulnerability, compared to 35 percent of non-mobile applications.
  • Vulnerabilities due to API abuse are much more common in mobile applications than web applications, while vulnerabilities related to error handling – the anticipation, detection, and resolution of errors – are more often found in web applications.

Patch or Perish
 
Software vulnerability exploitation continues to be a primary vector for attack, with mobile exploits gaining traction.

  • Similar to 2014, the top ten vulnerabilities exploited in 2015 were more than one year old, with 68 percent being three years old or more.
  • In 2015, Microsoft Windows represented the most targeted software platform, with 42 percent of the top 20 discovered exploits directed at Microsoft platforms and applications.
  • 29 percent of all successful exploits in 2015 continued to use a 2010 Stuxnet infection vector that has been patched twice.

Monetisation of Malware

Malware has evolved from being simply disruptive to a revenue-generating activity for attackers. While the overall number of newly discovered malware samples declined 3.6 percent year-over-year, the attack targets shifted notably in line with evolving enterprise trends and focused heavily on monetisation.

  • As the number of connected mobile devices expands, malware is diversifying to target the most popular mobile operating platforms. The number of Android threats, malware, and potentially unwanted applications has grown to more than 10,000 new threats discovered daily, reaching a total year-over-year increase of 153 percent. Apple iOS represented the greatest growth rate, with a malware sample increase of more than 230 percent.
  • Malware attacks on ATMs use hardware, software loaded onto the ATM, or a combination of both to steal credit card information. In some cases, attacks at the software level bypass card authentication to directly dispense cash.
  • Banking Trojans, such as variants of the Zbot Trojan, continue to be problematic despite protection efforts. More than 100,000 of these were detected in 2015.
  • Ransomware is an increasingly successful attack model, with several ransomware families wreaking havoc in 2015 by encrypting files of consumer and corporate users alike. Examples include Cryptolocker, Cryptowall, CoinVault, BitCryptor, TorrentLocker, TeslaCrypt, and others.

 
Actionable Intelligence and Recommendations

  • Apps are the New Battlefield: The network perimeter is vanishing; attackers have shifted focus to target applications directly. Security professionals must adjust their approach accordingly, defending not just the edge but the interactions between users, applications and data regardless of location or device.
  • Patch or Perish: 2015 was a record year for the number of security vulnerabilities reported and patches issued, but patching does little good if end users don’t install them for fear of unintended consequences. Security teams must be more vigilant about applying patches at both the enterprise and individual user level. Software vendors must be more transparent about the implications of their patches so that end-users aren’t afraid to deploy them.
  • Monetisation of Malware: Ransomware attacks targeting the enterprise and individuals are on the rise, requiring both increased awareness and preparation on the part of security professionals to avoid the loss of sensitive data. The best protection against ransomware is a sound backup policy for all important files on the system.
  • Prepare for Shifting Politics: Cross-border agreements pose challenges for enterprises struggling to keep their systems secure and in compliance. Organisations must follow the changing legislative activity closely and maintain a flexible security approach.

 

Ray Shaw

Ray Shaw has had a passion for IT ever since building his first computer in 1980. He is a qualified journalist, hosted a consumer IT based radio program on ABC radio for 10 years, has developed world leading software for the events industry and is smart enough to no longer own a retail computer store!
