HP Cyber Risk Report 2013 and the State of Security Operations
Jacob West is Chief Technology Officer for Enterprise Security Products (ESP) at HP.
You lock your car doors, use a combination lock at the gym, and might even have a home security system. Though you go to great lengths to protect your personal possessions, do you dedicate the same efforts to protecting your devices or intellectual property? What about the personal information you entrust to your bank or credit card company?
In the HP Cyber Risk Report 2013 released last week, HP Security Research took a close look at today’s threat landscape. It is easy to credit hackers with the uptick in high-profile security breaches in the past year, as they have become savvier by working together in the adversary marketplace. However, another factor is the rapid expansion of possible attack surfaces: including insecure mobile and web applications that open new doors in the attack lifecycle.
In fact, 46 percent of the mobile applications examined for the HP Cyber Risk Report 2013 used encryption improperly. Our research showed that mobile developers often bypass encryption when storing sensitive data on mobile devices or simply rely on weak algorithms. Even worse, nearly 80 percent of the applications reviewed contained vulnerabilities caused by insecure configuration rooted outside of the source code.
How can organizations improve their security risk posture? They need a combination of the right people, processes, and technologies to effectively manage security threats. Many organizations are investing in Security Operations Centers (SOCs) to mitigate the risk presented by the increasingly aggressive threat landscape. To help customers better understand effective security operations, HP Enterprise Security recently issued a first-of-its-kind report on the state of SOCs around the world, sharing best practices and key capabilities.
Having spent more than 20 years in the security industry, HP is uniquely positioned to provide customers with end-to-end security solutions. While many of our peers focus on security products, they cannot provide the consulting or management services that customers often need. Within the HP security business, we have the research, products, people, technology, and services that enable our customers to get the most out of the New Style of IT.