Data centres around the world are facing more threats than ever before, with the total number of vulnerabilities on the rise, according to the HP 2012 Cyber Security Risk Report.
The annual report reveals that disclosures grew 19% from 6 844 in 2011 to 8 137 in 2012, although 2012 disclosures remain 19% lower than the peak in 2006.
Critical vulnerabilities declined from 23% in 2011 to 20% in 2012, but still pose significant risk.
Importantly, one in five vulnerabilities still gives attackers total control of their target.
Fortunately, well-known Web vulnerabilities remain prevalent in 2012, with four Web vulnerability categories making up 40% of 2012 reports. Vulnerabilities exploited by clickjacking are still ubiquitous.
Fewer than 1% of URLs tested leverage standard mitigation after more than a decade.
The rate of mobile vulnerabilities continues to increase rapidly, growing by 68% from 158 in 2011 to 266 in 2012 – and 48% of mobile applications tested in 2012 gave unauthorised access.
The survey also found that mature technologies introduce continued and evolving risk. For instance, vulnerabilities in SCADA systems rose 768% from only 22 in 2008 to 191 in 2012.
HP has also announced the formation of the HP Security Research (HPSR) organisation, a new group that will provide actionable security intelligence through published reports, threat briefings and enhancements to the HP security product portfolio.
As part of the HP Enterprise Security Products (ESP) business unit, HPSR will lead HP’s security research agenda, leveraging existing HP research groups, including HP DVLabs, a research organisation focused on vulnerability discovery and analysis, and HP Fortify Software Security Research, which is focused on developing software security practices.
HPSR will also manage the Zero Day Initiative (ZDI), which focuses on identifying software flaws that have led to cyber-attacks and security breaches.
“Organisations need the latest in security research to effectively prevent, detect and combat the growing number of sophisticated threats,” says Lorna Hardie, enterprise security product sales manager at HP South Africa.
“HP empowers clients to address the most advanced threats by combining access to a global network of security experts and published research with the power of that expertise built directly into our products and services.”