Vulnerabilities up nearly 20%
HP’s latest Cyber Security Risk Report shows that total vulnerabilities are on the rise, but that critical vulnerabilities have dropped.
The company released findings from its annual Cyber Security Risk Report this week, coinciding with its announcement of the formation of the HP Security Research (HPSR) organisation, a new group that will provide actionable security intelligence through published reports, threat briefings and enhancements to the HP security product portfolio.
Highlights from the report include:
- Total vulnerabilities are on the rise
  - Disclosures grew 19% from 6,844 in 2011 to 8,137 in 2012
  - 2012 disclosures remain 19% lower than the peak in 2006
- Critical vulnerabilities declined, but still pose significant risk
  - Critical vulnerabilities fell from 23% in 2011 to 20% in 2012
  - One in five vulnerabilities still give attackers total control of their target
- Well-known web vulnerabilities remain prevalent in 2012
  - Four web vulnerability categories made up 40% of 2012 reports
- Vulnerabilities exploited by clickjacking are still ubiquitous
  - Less than 1% of URLs tested leverage standard mitigation after more than a decade
- The rate of mobile vulnerabilities continues to increase rapidly
  - Mobile vulnerabilities rose 68% from 158 in 2011 to 266 in 2012
  - 48% of mobile applications tested in 2012 gave unauthorised access
- Mature technologies introduce continued and evolving risk
  - Vulnerabilities in SCADA systems rose 768% from only 22 in 2008 to 191 in 2012
“Organisations need the latest in security research to effectively prevent, detect and combat the growing number of sophisticated threats,” said Lorna Hardie, Enterprise Security Product Sales Manager, HP South Africa.
HP said its new HP Security Research (HPSR) organisation, part of the HP Enterprise Security Products (ESP) business unit, will lead HP’s security research agenda, leveraging existing HP research groups, including HP DVLabs, a research organisation focused on vulnerability discovery and analysis, and HP Fortify Software Security Research, which is focused on developing software security practices. HPSR also will manage the Zero Day Initiative (ZDI), which focuses on identifying software flaws that have led to cyberattacks and security breaches.
A core focus of HPSR is to provide research that directly influences the development of the HP ESP portfolio. As such, HP has enhanced its HP Reputation Security Monitor (RepSM) 1.5, which protects clients against advanced threats by leveraging data feeds directly from HPSR. These data feeds enhance the identification of peer-to-peer network use and improve detection of potential spear phishing and spam floods, while also recognising patterns over time, such as reconnaissance scans and abnormal activity levels.