In today’s hacking world, hackers can gain access to sensitive data with little efforts. “It’s a bit depressing,” said Chandra Rangan, vice president marketing, HPE Security Products at Hewlett Packard Enterprise, discussing some of the findings published in HPE’s Cyber Risk Report 2016.
“Attackers are lazy. They want maximum bang for the buck, so they will go for low-hanging fruit,” Rangan said, noting that the most exploited bug in 2015 was over five years old. It was also the top bug in 2014.
As per the new findings, the top 10 vulnerabilities leveraged by attackers in 2015 are more than a year old. Half of them are at least five years old.
According to Rangan, there is a shift in which applications, rather than servers or operating systems, are used as a primary attack vector.
As per the recent survey:
- 95 percent of newly discovered malware samples are found on Microsoft Window
- 42 percent of exploits targeting Microsoft Window
- 18 percent of the total exploits targeting Android
- 12 percent of exploits on Java
- Microsoft Office 11 percent
- Adobe attacked by 14 percent, evenly divided between Flash and Reader exploits
- 75 percent of the mobile apps scanned by HPE had at least one vulnerability
Some software developers “seem to be making a tradeoff between speed and security,” Rangan said. “There is a whole new crop of app developers, and they are saying ‘how quickly can I get this app to market and how quickly can I monetize it?’ When you are in that mode, you are less likely to use the development processes and methodologies that include multiple security checks.”
“You do not need to make a tradeoff, and you do not need to use the old-school waterfall development model. There are plenty of technologies out there where you can build security into the very fabric of your apps.”
Alertsec strengthens security
Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.
Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken the necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.
Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.