Ransomware attacks targeting enterprises and individuals were one the biggest security threats to business in 2015
Hewlett Packard Enterprise have published their HPE Cyber Risk Report 2016, identifying the top security threats to business over the past year.
As the traditional network perimeter disappears and attack surfaces grow, security professionals are challenged with protecting users, applications and data – without stifling innovation or delaying enterprise timelines.
This year’s Cyber Risk Report examines the 2015 threat landscape in this context, providing actionable intelligence around key areas of risk including application vulnerabilities, security patching and the growing monetization of malware. The report also highlights important industry issues such as new security research regulations, the ‘collateral damage’ from high profile data breaches, shifting political agendas, and the ongoing debate over privacy and security.
Shane Bellos, general manager, Enterprise Security Products, Hewlett Packard Enterprise, says ‘In 2015, we saw attackers infiltrate networks at an alarming rate, leading to some of the largest data breaches to date, but now is not the time to take the foot off the gas and put the enterprise on lockdown.
‘We must learn from these incidents, understand and monitor the risk environment, and build security into the fabric of the organisation to better mitigate known and unknown threats, which will enable companies to fearlessly innovate and accelerate business growth.”
The key actionable intelligence and recommendations arising from the report are:
Apps are the new battlefield
The network perimeter is vanishing; attackers have shifted focus to target applications directly. Security professionals must adjust their approach accordingly, defending not just the edge but the interactions between users, applications and data regardless of location or device.
Patch or perish
2015 was a record year for the number of security vulnerabilities reported and patches issued, but patching does little good if end users don’t install them for fear of unintended consequences.4 Security teams must be more vigilant about applying patches at both the enterprise and individual user level. Software vendors must be more transparent about the implications of their patches so that end-users aren’t afraid to deploy them.
Monetisation of malware
Ransomware attacks targeting businesses and individuals are on the rise, requiring both increased awareness and preparation on the part of security professionals to avoid the loss of sensitive data. The best protection against ransomware is a sound backup policy for all important files on the system.
Prepare for shifting politics
Cross-border agreements pose challenges for enterprises struggling to keep their systems secure and in compliance. Organisations must follow the changing legislative activity closely and maintain a flexible security approach.
