
Security Threat Landscape Still Plagued by Known Issues, says HP

23/02/2015

Top ten vulnerabilities exploited in 2014 took advantage of known weaknesses in systems implemented years or even decades ago

PALO ALTO, Calif., Feb. 23, 2015 - HP today published the 2015 edition of its annual Cyber Risk Report, providing in-depth threat research and analysis around the most pressing security issues plaguing the enterprise during the previous year and indicating likely trends for 2015.

Authored by HP Security Research, the report examines the data indicating the most prevalent vulnerabilities that leave organizations open to security risks. This year's report reveals that well-known issues and misconfigurations contributed to the most formidable threats in 2014.

"Many of the biggest security risks are issues we've known about for decades, leaving organizations unnecessarily exposed," said Art Gilliland (@ArtGilliland), senior vice president and general manager, Enterprise Security Products, HP. "We can't lose sight of defending against these known vulnerabilities by entrusting security to the next silver bullet technology; rather, organizations must employ fundamental security tactics to address known vulnerabilities and in turn, eliminate significant amounts of risk."

Highlights and key findings

44 percent of known breaches came from vulnerabilities that are 2-4 years old. Attackers continue to leverage well-known techniques to successfully compromise systems and networks. Every one of the top ten vulnerabilities exploited in 2014 took advantage of code written years or even decades ago.

Server misconfigurations were the number one vulnerability. Over and above vulnerabilities such as privacy and cookie security issues, server misconfigurations dominated the list of security concerns in 2014, providing adversaries unnecessary access to files that leave an organization susceptible to an attack.

Additional avenues of attack were introduced via connected devices. In addition to security issues presented via Internet of Things (IoT) devices, 2014 also saw an increase in the level of mobile malware detected. As the computing ecosystem continues to expand, unless enterprises take security into consideration, attackers will continue to find more points of entry.

The primary causes of commonly exploited software vulnerabilities are defects, bugs, and logic flaws. Most vulnerabilities stem from a relatively small number of common software programming errors. Old and new vulnerabilities in software are swiftly exploited by attackers.

Key recommendations

A comprehensive and timely patching strategy should be employed by network defenders to ensure systems are up-to-date with the latest security protections to reduce the likelihood of these attacks succeeding.

Regular penetration testing and verification of configurations by internal and external entities can identify configuration errors before attackers exploit them.

Mitigate risk being introduced to a network prior to the adoption of new technologies. With emerging technologies like Internet of Things (IoT), it is imperative for organizations to protect against potential security vulnerabilities by understanding new avenues of attack before they are exploited.

Collaboration and threat intelligence sharing is key to cooperatively addressing threats across the security industry. This enables organizations to gain insight into adversarial tactics, allowing for more proactive defense, strengthened protections offered in security solutions, and an overall safer environment.

A complementary protection strategy should be adopted with a continuous assume-breach mentality. There is no silver bullet solution, and defenders should implement a complementary, layered set of security tactics to ensure the best defense.

Related videos

Cyber Risk Report 2015: Executive Overview - HP Enterprise Security Products General Manager, Art Gilliland, provides an overview of the threat landscape and introduction to this year's report.

Cyber Risk Report 2015: The Past Is Prologue - Tune into a Q&A session featuring Jewel Timpe of HP Security Research to learn more about this year's key findings.

Methodology

The HP Cyber Risk Report is published annually by HP Security Research, leveraging a number of internal and external sources to identify, research and analyze the findings, including the HP Zero Day Initiative, HP Fortify on Demand security assessments, HP Software Security Research and ReversingLabs. Additional information on the methodology can be found in the full report.

HP enables organizations to take a proactive approach to security, disrupting the life cycle of an attack through prevention and real-time threat detection. With market-leading products, services and innovative research, HP Enterprise Security enables organizations to integrate information correlation, application analysis and network-level defense. Additional information about HP Enterprise Security can be found at www.hp.com/go/esp.

Join HP Software on LinkedIn and follow @HPSoftware on Twitter. To learn more about HP Enterprise Security Products on Twitter, please follow @HPsecurity and join HP Enterprise Security on LinkedIn.

© 2015 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice. The only warranties for HP products and services are set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty. HP shall not be liable for technical or editorial errors or omissions contained herein.
LINK: http://www8.hp.com/us/en/hp-news/press-release.html?id=1915228...