May 19, 2012 – The 2011 edition of the Top Cyber Security Risks Report, compiled by Hewlett Packard, testifies to the growing sophistication and severity of security attacks and points at an apparent paradox: while newly reported vulnerabilities in commercial applications continue to decline, attacks more than doubled in the second half of 2011. The report concludes that pure vulnerability volume is no longer a valid indicator of the security risk landscape. Although newly reported vulnerabilities in commercial applications continue to decline, a large number of vulnerabilities go unaccounted for and are therefore never disclosed to the broader security industry.
In a special briefing for IndiaTechOnline, Damanjit Singh Uberoi, Chief Solutions Architect & Security Evangelist HP Enterprise Security Products, HP India and Narayan Makaram, Director of Security Solutions, Security Business, Hewlett-Packard, suggested that the threat profile straddles two distinct groups:
- those who are motivated by the big bucks in the business -- and use easily available web exploit toolkits that enable hackers to access enterprise IT systems and steal sensitive data,
- as well as an increasing number of “hacktivist” groups, such as Anonymous and LulzSec, that perform highly organized attacks in retaliation for perceived wrongdoing.
Disclosure of new vulnerabilities in commercial applications has slowly declined since 2006, dropping nearly 20 percent in 2011 from the previous year. However, data from the report demonstrates that this decline does not signify decreased risk. Nearly 24 percent of new vulnerabilities disclosed in commercial applications in 2011 have a severity rating of 8 to 10. These vulnerabilities can result in remote code execution, the most dangerous type of attack.
The report also says roughly 36 percent of all vulnerabilities are in commercial web applications. Approximately 86 percent of web applications are vulnerable to an injection attack, which is when hackers access internal databases through a website.
HP offers the HP Security Intelligence and Risk Management (SIRM) platform, an integrated platform of risk-driven security solutions. HP SIRM delivers visibility across traditional, mobile and cloud environments, enabling enterprises to apply adaptive security defenses based on specific organizational risk. In short -- and to use the title of a famous Raj Kapoor movie -- Jaagtey Raho! Stay alert!
The full report can be found here: www.hpenterprisesecurity.com/collateral/report/2011FullYearCyberSecurityRisksReport.pdf