44 percent of breaches in 2014 were caused by known vulnerabilities between two and four years old, report finds
We constantly hear about the ever-changing and evolving technology used by criminals to develop new and sophisticated hacking mechanisms, but it seems businesses should really be worried about blasts from the past.
Despite many businesses spending millions on keeping their security provisions up to date, nearly half (44 percent) of known breaches affecting businesses came from vulnerabilities that were between two and four years old, according to HP’s latest Cyber Risk Report.
On top of that, every one of the top ten vulnerabilities exploited in 2014 took advantage of code written years or even decades ago, HP found, showing how hackers are continuing to use well-known techniques to gain rewards.
HP’s annual report looks to identify the most pressing security issues from the previous year and to anticipate possible threats for the year ahead.
This year’s edition found that server misconfigurations were the number one vulnerability detected in 2014, often providing adversaries unnecessary access to files that leave an organisation susceptible to an attack.
The rise of connected personal devices was also found to be a major security headache, as mobile malware levels soared in 2014. Pointing to security issues surrounding Internet of Things (IoT) connected devices, the report warns that unless enterprises take security into consideration, attackers will continue to find more points of entry.
Overall, the primary causes of commonly exploited software vulnerabilities were defects, bugs, and logic flaws, with most vulnerabilities stemming from a relatively small number of common software programming errors.
“Many of the biggest security risks are issues we’ve known about for decades, leaving organisations unnecessarily exposed,” said Art Gilliland, senior vice president and general manager, Enterprise Security Products, HP.
“We can’t lose sight of defending against these known vulnerabilities by entrusting security to the next silver bullet technology; rather, organisations must employ fundamental security tactics to address known vulnerabilities and in turn, eliminate significant amounts of risk.”
A report last year by PwC found that the cost of the worst breach of the year for a large British organisation averaged from £650,000 to £1.15m, with small businesses being hit for anywhere between £65,000 and £115,000.