HP Looks Back at 2014 Cyber Security Landscape (CDSA)

By Chris Tribbey

The cyber security landscape is changing every day, but companies most at risk are still learning to defend against old problems and well-known techniques that compromise systems and networks, according to a new report from HP.

The 2015 edition of HP’s annual security research Cyber Risk Report found that many vulnerabilities exploited last year took advantage of code written years, even decades, ago, and that exploitation of widely deployed client- and server-side applications remains commonplace. Newer exploits may be grabbing the headlines, but it’s the tried-and-true attacks that present the most significant threats to enterprise security, HP found.

“The environment is one in which well-known attacks and misconfigurations exist side-by-side with mobile malware and connected devices (Internet of Things) that remain largely unsecured,” the report reads. “As the global economy continues its recovery, enterprises have continued to find inexpensive access to capital; unfortunately, network attackers did as well, some of whom launched remarkably determined and formidable attacks over the course of the year.”

Defects, bugs, logic flaws … these are the causes behind the most commonly exploited software vulnerabilities, HP found, and security professionals have discovered that most vulnerabilities result from a small number of common software programming errors. HP suggests that software development needs to be synonymous with security.

HP noted that the number of recorded malware samples hit 83 million in 2013, nearly doubled to 140 million last year, and will hit at least 200 million this year. “The increasing number of samples poses great challenges for anti-malware engines, and the rates of detection for previously unknown malware instances are declining,” the report reads.

Another of the major problems companies faced in 2014 was a significant rise in mobile malware, HP reported, the first year “when mobile malware stopped being considered just a novelty.” Connecting most everything to the Internet has opened up all sorts of new avenues for cyber criminals to use both old and new vulnerabilities to penetrate defenses, HP noted.

“Our researchers saw that despite new technologies and fresh investments from both adversaries and defenders alike, the security realm is still encumbered by the same problems — even in some cases by the very same bugs — that the industry has been battling for years,” said Art Gilliland, SVP and GM of enterprise security products for HP. “Well-known attacks were still distressingly effective, and misconfiguration of core technologies continued to plague systems that should have been far more stable and secure than they in fact proved to be.”