Enterprise Cyber Security Risks and Threat Landscape

The recent “Cyber Risk Report” by HP gives a detailed snapshot of the latest and biggest threats to enterprise cyber security.

This year’s report details how increased reliance on mobile devices, the proliferation of insecure software and growing use of Java have all contributed to growing attacks against enterprises.

Cyber Security will remain key concern as we become more mobile

HP found that nearly 80 percent of applications it reviewed contained vulnerabilities outside of their source code. The report says “even expertly coded software can be dangerously vulnerable if misconfigured.”

In an examination of 500,000 mobile apps for Android, HP found major discrepancies between the way mobile platform vendors classify malware. These inconsistencies fail to comprehensively secure mobile devices rendering them open to attack.

Forty-six percent of mobile apps studied were found to be encrypted improperly.

Based on the report’s findings, HP’s key recommendation is that “collaboration and threat intelligence sharing among the cyber security industry helps gain insight into adversary tactics, allowing for more proactive defense, strengthened protections offered in security solutions, and an overall safer environment.”

Enterprise cyber security vulnerabilities need concerted action

While mobility remains a key concern, this week particular attention has been devoted to retailers both in the UK and the US who have come under renewed pressure to increase spending on their cyber security initiatives.

The Technology Strategy Board has recently made £8 million available to technological innovation. The scheme is intended to encourage businesses to trial technologies to boost the high street’s approach to retail, logistics and traffic.

Recent findings show that retailers need to invest in their security architecture, to fend off cyber-attacks. The British Retail Consortium’s ‘Retail Crime Survey’ published in January 2014 says the total cost of retail crime was £511 million in 2012-13, with fraud accounting for 41 per cent of the total cost. Hacking and DDoS attacks were the most serious threats in the last 12 months.

There were just over 120,000 separate fraud incidents and 4 out of 5 retailers said they’d fallen victim to computer viruses and malware. Yet 1 in 3 businesses said they do not report these crimes to the police because of a lack of confidence in the authorities’ response.

Despite security challenges the research firm Gartner says that retailers, particularly those in the US, lag behind banks and healthcare companies in their expenditure on technologies to avert security breaches.

“They don’t spend enough on isolating their payment card processing environment from the rest of their store networks and the public Internet,” says Gartner analyst Avivah Litan.

“This leaves their cardholder data environment open to cyber security holes that the criminals punch through.”

Join Whitehall Media’s Enterprise Security and Risk Management conference on 25 March 2014 in central London to better understand the full spectrum of risks facing the modern, connected enterprise. Our excellent line-up of speakers will guide delegates through practical tools and technologies to combat security vulnerabilities and breaches. To find out more about who will be speaking and how to register your place to attend, please visit: www.whitehallmedia.co.uk/esrm.