HP recently published its annual Cyber Risk Report for 2015, exploring the cyber security landscape through 2014 and what trends are likely to rise above the rest for this year. Based on risk assessment data and threat events throughout 2014, this year's report highlights some of the well-known issues and misconfigurations that contributed to some of 2014's most highly visible threats.
"Many of the biggest security risks are issues we've known about for decades, leaving organizations unnecessarily exposed," said Art Gilliland, senior vice president and general manager of Enterprise Security Products for HP, in a release. "We can't lose sight of defending against these known vulnerabilities by entrusting security to the next silver bullet technology; rather, organizations must employ fundamental security tactics to address known vulnerabilities and in turn, eliminate significant amounts of risk."
The report highlights a few trends particularly important for companies looking to bolster cyber security as part of their continuity of operations planning in 2015, including:
Internet of Things bringing new vulnerabilities – Connected devices are bringing new security threats into the office that companies have to adapt to. This has also led to a rise in mobile malware development. While this increase hasn't diminished the value of adding mobile devices to your IT infrastructure, it presents additional considerations.
Misconfigurations were the No. 1 vulnerability – The biggest threat to most company's cyber security was actually server misconfigurations, which allowed unauthorized access to data and opened up further vulnerabilities to attack.
Most vulnerabilities are old – Hackers are exploiting vulnerabilities that are two to four years old 44 percent of the time, the report indicated. In fact, all of the top 10 security breaches in 2014 were from vulnerabilities in code that was years or even a decade old.
Addressing these and many other aspects of disaster recovery and preparedness will be an important part of any firm's business continuity planning this year.