HP Identifies Top Enterprise Security ThreatsAnnual report examines vulnerability and threat landscape, provides actionable security intelligence to protect attack surface
PALO ALTO, Calif. - HP today published the Cyber Risk Report 2013, identifying top enterprise security vulnerabilities and providing analysis of the expanding threat landscape.
Developed by HP Security Research, the annual report provides in-depth data and analysis around the most pressing security issues plaguing enterprises. This year's report details factors that contributed most to the growing attack surface in 2013-increased reliance on mobile devices, proliferation of insecure software and the growing use of Java-and outlines recommendations for organizations to minimize security risk and the overall impact of attacks.
Adversaries today are more adept than ever and are collaborating more effectively to take advantage of vulnerabilities across an ever-expanding attack surface, said Jacob West, chief technology officer, Enterprise Security Products, HP. The industry must band together to proactively share security intelligence and tactics in order to disrupt malicious activities driven by the growing underground marketplace.
Highlights and key findings from the report
While vulnerability research continued to gain attention, the total number of publicly disclosed vulnerabilities decreased by 6 percent year over year,(1) and the number of high-severity vulnerabilities declined for the fourth consecutive year, decreasing by 9 percent.(1) Although unquantifiable, the decline may be an indication as to a surge in vulnerabilities that are not publicly disclosed but rather delivered to the black market for private and/or nefarious consumption.
Nearly 80 percent(2) of applications reviewed contained vulnerabilities rooted outside their source code. Even expertly coded software can be dangerously vulnerable if misconfigured.
Inconsistent and varying definitions of malware complicate risk analysis. In an examination of more than 500,000 mobile applications for Android, HP found major discrepancies between how antivirus engines and mobile platform vendors classify malware.(3)
Forty-six percent(2) of mobile applications studied use encryption improperly. HP research shows that mobile developers often fail to use encryption when storing sensitive data on mobile devices, rely on weak algorithms to do so, or misuse stronger encryption capabilities, rendering them ineffective.
Internet Explorer was the software most targeted by HP Zero Day Initiative (ZDI) vulnerability researchers in 2013, and accounted for more than 50 percent(4) of vulnerabilities acquired by the program. This attention results from market forces focusing researchers on Microsoft vulnerabilities and does not reflect on the overall security of Internet Explorer.
Sandbox bypass vulnerabilities were the most prevalent and damaging for Java users.(2) Adversaries significantly escalated their exploitation of Java by simultaneously targeting multiple known (and zero day) vulnerabilities in combined attacks to compromise specific targets of interest.
Key recommendations
In today's world of rising cyberattacks and growing demands for secure software, it is imperative to eliminate opportunities for unintentionally revealing information that may be beneficial to attackers.
Organizations and developers alike must stay cognizant of security pitfalls in frameworks and other third-party code, particularly for hybrid mobile development platforms. Robust security guidelines must be enacted to protect the integrity of applications and the privacy of users.
While it is impossible to eliminate the attack surface without sacrificing functionality, a combination of the right people, processes and technology does allow organizations to effectively minimize the vulnerabilities surrounding it and dramatically reduce overall risk.
Collaboration and threat intelligence sharing among the security industry helps gain insight into adversary tactics, allowing for more proactive defense, strengthened protections offered in security solutions, and an overall safer environment.
Methodology
HP has published its Cyber Risk Report annually since 2009. HP Security Research leverages a number of internal and external sources to develop the report, including the HP Zero Day Initiative, HP Fortify on Demand security assessments, HP Fortify Software Security Research, ReversingLabs and the National Vulnerability Database. The full methodology is detailed in the report.
Additional information about HP Enterprise Security Products is available at www.hpenterprisesecurity.com.
HP will be addressing the latest trends in enterprise security at the RSA Conference 2014, taking place February 24-28 in San Francisco. Additional information about HP at this year's conference is available here.
HPs premier Americas client event, HP Discover, takes place June 10-12 in Las Vegas.
(1) Cyber Risk Report 2013, HP Security Research, February 2014, p.20-21.
(2) Cyber Risk Report 2013, p. 4-5.
(3) HP Fortify on Demand findings included in the Cyber Risk Report 2013, p. 24.
(4) ZDI data included in the Cyber Risk Report 2013, p. 6.
Java is a registered trademark of Oracle and/or its affiliates. Microsoft is a U.S. registered trademark of the Microsoft group of companies.
This news release contains forward-looking statements that involve risks, uncertainties and assumptions. If such risks or uncertainties materialize or such assumptions prove incorrect, the results of HP and its consolidated subsidiaries could differ materially from those expressed or implied by such forward-looking statements and assumptions. All statements other than statements of historical fact are statements that could be deemed forward-looking statements, including but not limited to statements of the plans
Most recent headlines
06/10/2025
France T l visions, France's leading broadcaster, has received the 2025 EBU ...
04/09/2025
Monumental Sports & Entertainment (MSE), in collaboration with Dalet, has been a...
07/08/2025
July 8 2025, 22:30 (PDT) Tata Motors & Dolby Bring Dolby Atmos to Harrier.ev, R...
16/07/2025
It's Emmy nominations day, and Sundance Institute storytellers are basking i...
16/07/2025
Spotify's podcast editorial team is always on the hunt for shows and episodes that spark conversation, push boundaries, and keep us coming back for more. As...
16/07/2025
eds3_5_jq(document).ready(function($) { $(#eds_sliderM519).chameleonSlider_2_1({...
16/07/2025
Join us at IBC this September and take control of your content. Discover how we're bringing a new level of purpose and precision to the application of AI in...
16/07/2025
Warsaw - Poland, June 24, 2025 - Nielsen, the global leader in audience measurement, data and analytics, has released its latest May All Screens Video Landscape...
16/07/2025
Bluey Tops Nielsen's Overall Streaming List with More Than 25 Billion Minutes Streamed from January through June 2025
Big June Vaults Squid Game into Top O...
16/07/2025
TV SIM, the SBT affiliate serving Esp rito Santo state in Brazil, has launched a transmitter upgrade initiative with the installation of a Rohde & Schwarz R&S T...
16/07/2025
Pebble, the leading automation, content management and integrated channel specialist, is turning its vision to the future of automation with its demonstrations ...
16/07/2025
Ikegami announces a new addition to its UNICAM-XE product range with the introduction of the UHK-X700RF wireless portable camera: The new version has the same f...
16/07/2025
Today, Amazon Web Services added TwelveLabs as a new model provider to Amazon Bedrock, delivering what could be the most significant breakthrough in enterprise ...
16/07/2025
NEW YORK Streaming platforms continued to dominate TV viewing patterns in June, with data from Nielsen's 50th monthly report of The Gauge showing that strea...
16/07/2025
MAHWAH, NJ Ikegami has introduced the the UHK-X700RF wireless portable camera, a new addition to its UNICAM-XE product range with the same feature set, operatio...
16/07/2025
LONDON IBC2025 organizers said global attendees will have access to a new feature that will integrate Amsterdam's GVB public transport pass into the officia...
16/07/2025
July 16th, 2025
Tribeca Films to Release the Acclaimed LARPing Doc WE CAN BE HEROES by Carina Mia Wong and Alex Simmons, Alongside a Slate of Festival-Favori...
16/07/2025
Deltatre Acquires Endeavor Streaming in Major Streaming Industry Move The transaction is expected to close in the third quarter of 2025 By Brandon Costa, Direc...
16/07/2025
SVG Regional Sports Production Summit 2025: All Sessions Now Available to Watch ...
16/07/2025
Wednesday 16 July 2025
Sky and ITV today announced an extension of their long-standing partnership, which will see ITV's content and services remain seamle...
16/07/2025
Sky Sports lifts the lid on Lions life with hilarious behind-the-scenes mockumentaryWednesday 16 July 2025
To view this content, please enable our use of cooki...
16/07/2025
CULVER CITY, CALIFORNIA Apple TV+ today earned a record-breaking 81 Emmy Award nominations across 14 hit Apple Original titles for this year's 77th Emmy Awa...
15/07/2025
Independent media outlets in Brazil and Colombia are invited to apply for a new programme aimed at strengthening the long-term resilience of journalism in the f...
15/07/2025
By Lucy Spicer
One of the most exciting things about the Sundance Film Festival...
15/07/2025
Spotify une fuerzas con DiDi, la app l der en servicios de movilidad, delivery y...
15/07/2025
The National Film and Video Foundation (NFVF), an agency of the Department of Sp...
15/07/2025
L3Harris put its CORVUS-RAVEN counter-small UAS capability into the hands of soldiers at VANAHEIM, showcasing its ability to provide passive signal detect, enha...
15/07/2025
Netflix Viewing Up 13.5% vs. May, Represents 42% of Monthly Gain for Streaming
...
15/07/2025
SAN FRANCISCO and BENGALARU, India Sangeeta Chakraborty has been named chief revenue officer at Amagi, a cloud-based software-as-a-service (SaaS) technology pro...
15/07/2025
As part of its mandate, the Advanced Television Systems Committee the U.S. organization tasked with developing advanced broadcast TV standards promotes ATSC 3.0...
15/07/2025
QuickLink, the leading global provider of multi-camera video productions and remote contributions, announces the launch of two innovative control panels Studi...
15/07/2025
Chris Kontopanos has joined leading high-quality microphone solutions manufacturer, DPA Microphones, as the company's new Regional Sales Manager for the Mid...
15/07/2025
Magnifi by VideoVerse, a global leader in AI-powered video automation, has launched a major platform upgrade built to simplify live and archival video editing f...
15/07/2025
Telestream, a global leader in media workflow technologies, will preview its latest innovations at IBC2025, Stand 7.B21. This year's showcase highlights how...
15/07/2025
IBC2025 is set to transform the onsite experience for its global attendees with the launch of a pioneering new feature: full integration of Amsterdam's GVB ...
15/07/2025
Music, sport and technology collided in spectacular fashion as ASB GlassFloor powered the debut of Beats N Buckets, Germany's first Basketball meets Hip-Ho...
15/07/2025
The Collectv, the Emmy award-winning broadcast solutions and workflows consultancy - and winner of Broadcast Tech's Team of the Year is delighted to announc...
15/07/2025
SipRadius, the expert in secure, low latency media transport, will showcase how broadcasters and media companies can take control of fragmented IP workflows at ...
15/07/2025
Appear, the global leader in live production technology, today announced its strategic partnership with beIN ASIA PACIFIC, a leading multi-platform sports media...
15/07/2025
Company marks 15 years of innovation at the show
Broadpeak, a leader in streaming and monetization at scale, will return to IBC (Hall 1, Stand F83. RAI, Amster...
15/07/2025
New software solutions extend trusted timing measurement across broadcast, venue, and professional AV applications
Hitomi Broadcast, the market leader in audi...
15/07/2025
SHENZHEN, China Telycam has added control options for its portfolio of pan-tilt-zoom (PTZ) cameras with a new plug-in for Elgato's Stream Deck family of con...
15/07/2025
MELVILLE, N.Y. Chyron said its Chyron LIVE cloud-native live production solution has successfully completed the Amazon Web Services (AWS) Foundational Technical...
15/07/2025
PHILADELPHIA The Xumo streaming platform joint venture between Comcast and Charter has announced the nationwide launch of a new line of Xumo TVs from Westinghou...
15/07/2025
LONGMONT, Colo. DPA Microphones said Chris Kontopanos has joined the microphone solutions provider as its new regional sales manager, Mid-Atlantic....
15/07/2025
NOT FOR DISTRIBUTION IN OR INTO OR TO ANY PERSON LOCATED OR RESIDENT IN THE UNIT...
15/07/2025
Back to All News
Netflix and YRF Entertainment's Mandala Murders' Buil...
15/07/2025
From Small Town Councils to State Chambers-There's a Broadcast Pix Bundle for You In today's digital-first world, every level of government-whether a ru...
15/07/2025
Audiences and ad dollars are moving to streaming - media organizations are evolving to meet them there....
HP Identifies Top Enterprise Security ThreatsAnnual report examines vulnerability and threat landscape, provides actionable security intelligence to protect attack surface
