Hewlett Packard Enterprises recently released its 2016 Cyber Risk Report delving into the nature of common vulnerabilities that leave companies exposed to risk, and how cyber criminals take advantage of those vulnerabilities.
Here’s some key findings in the HP Cyber Risk Report 2016:
2015- The Year of Collateral Damage
The breaches of 2015 had one thing in common- affecting people who never had involvement or direct contact with the company. This holds true for the OPM breach and the Ashley Madison breach with affected people whose information resided in the company networks only as it related to someone else. Criminals are not only focusing on credit card data but are more so focusing on obtaining information that could change someone’s life forever.
Over Regulating Pushes Research Underground
Amid a global emphasis on surveillance, snooping and encryption in the wake of catastrophic terrorist attacks and cyber-attacks, various regulations governing cyber security have been proposed. While the intent is to protect against future attacks, the result pushes legitimate security research underground. Regulations impacting the progress of security research must protect and encourage it as it benefits everyone.
Vendors Shifting from Point Fixes to Broad Impact Solutions
Our current level of patching is higher than ever before, and it’s unclear if this is sustainable. It strains resources from both the vendor & the customer. It would be in companies’ best interests to invest in these broad, asymmetric fixes that knock out multiple vulnerabilities all at once.
Political Pressures Attempt to Weaken Privacy & Security Efforts
Many lawmakers around the world are claiming that security is only possible if privacy & due process are abridged, so those evaluating the security of their enterprises would do well to monitor government efforts like adding backdoors to encryption and other security tools.
Industry Learned Nothing about Patching in 2015
While vendors continue to produce security remediations, they’re no good if not installed by the end user. Software vendors must understand that in order to earn back the trust of users, they must restore faith in automatic updates.
Attackers Shift Focus to Applications
With today’s mobile devices and interconnectivity, attacks have shifted their focus from servers and operating systems to applications. These mobile applications are the easiest way for criminals to access sensitive data, so it’s important to understand the risk associated with this convenience and to adequately protect it.
Monetization of Malware the New Focus for Attackers
Researchers have found that today’s malware needs to not only be disruptive but also needs to be more financially focused. This trend has led to an increase in ATM related malware, banking Trojans, and ransomware.
As software vendors continue to make it more and more difficult for attackers with the implementation of security mitigations, great progress has been made to help secure the threat landscape. Implementing solutions like File Integrity Monitoring, Change & Configuration Management, System Hardening & Vulnerability Management and Continuous Compliance can help mitigate the effects of the inevitable breaches we continue to face. With NNT’s Change Tracker Gen7 you’ll come equipped with all the security tools you could need to help secure your IT estate from cyber criminals.