Mobile apps and malware quickly became the top threats for businesses in 2015, according to a new report from Hewlett Packard Enterprise (HPE), and while the sophistication of attacks keeps increasing, organizations are still struggling to keep pace.
That’s according to the “HPE Cyber Risk Report 2016,” which identified the top security threats of last year, and offered suggestions on how companies can tackle those threats this year.
App vulnerabilities, security patching and the monetization of malware were the top targets HPE identified, according to Sue Barsamian, SVP and GM of security products for HPE. And the ever-growing diversity of digital platforms, shifting political agendas, and the ongoing debate between privacy and security are all contributing to the problem as well.
“In 2015, we saw attackers infiltrate networks at an alarming rate, leading to some of the largest data breaches to date, but now is not the time to take the foot off the gas and put the enterprise on lockdown,” Barsamian said. “We must learn from these incidents, understand and monitor the risk environment, and build security into the fabric of the organization to better mitigate known and unknown threats, which will enable companies to fearlessly innovate and accelerate business growth.”
While Web applications continue to present a serious risk, HPE’s report pinpointed mobile apps as especially problematic in 2015, with 75% of mobile apps scanned by HPE showing at least one high-severity or even critical security vulnerability (vs. 35% of non-mobile apps). The problem: mobile apps more frequently use personally identifiable info on users, opening up more significant vulnerabilities. And errors with Web apps are much more easily identified, the report found.
“The network perimeter is vanishing; attackers have shifted focus to target applications directly,” the report reads. “Security professionals must adjust their approach accordingly, defending not just the edge but the interactions between users, applications and data regardless of location or device.”
HPE also found that, just like in 2014, the top 10 vulnerabilities exploited in 2015 were already well-known, and at least a year old, with nearly 70% being three years old or more. Last year, Microsoft Windows was the most targeted software platform, with 42% of the top 20 discovered exploits directed at its platforms and applications.
Malware became especially problematic in 2015, according to the HPE report: no longer just a disruptive nuisance, it’s become a moneymaker for attackers. The number of malware samples may be slightly down (3.6% compared to 2014) but the way they attack (to steal financial information) has changed.
HPE found that the number of malware attacks (along with other threats) targeting Android devices hit more than 10,000 each day, a year-over-year increase of more than 150%, while the figure for Apple iOS devices grew more than 230%.
“Security teams must be more vigilant about applying patches at both the enterprise and individual user level,” the report concluded. “Software vendors must be more transparent about the implications of their patches so that end-users aren’t afraid to deploy them.”