HP Releases Cyber Security Risk Report, Organizes Its Security ResearchBy: Sean Patterson - February 26, 2013
Though the focus of the tech press this week will certainly be on the Mobile World Congress in Barcelona, security researchers are having their own RSA conference this week in San Francisco.
HP has managed to find itself at both conferences, straddling the line between its classic form as a hardware manufacturer and the enterprise products it sees as its future. While the newly announced HP Slate 7 might not have the hardware to truly compete in the mini-tablet market, HP is still hoping that its enterprise security offerings might be just the thing businesses are looking for.
At the RSA conference today, HP has released its 2012 Cyber Security Risk Report. The report shows, predictably, that total security vulnerabilities are rising, keeping pace with the growing technology infrastructure. Although the report also shows that “critical vulnerabilities” are down, it warns that the existing vulnerabilities are getting harder to fight.
The report looked at 100,000 different URLs and found that well-known vulnerabilities (such as cross frame scripting) are still common throughout the web. In fact, 40% of the vulnerabilities found could be placed into just four different categories.
Mobile vulnerabilities were found to have risen significantly (68%) from 2011 to 2012, mirroring the growth of mobile applications. Of the mobile applications tested by HP, 48% of them were found to have unauthorized access vulnerabilities.
The report’s statistics are reminiscent of other recent security reports, such as the HP-sponsored 2012 Cost of Cyber Crime Study or Verizon’s 2012 Data Breach Investigation Report, which found that anonymous “hacktivism” is on the rise. Though it may seem that such reports are, literally, trying to scare up business, its clear from many sources that the security risks faced by businesses and governments of all sizes are complicated and increasing.
The security report is part of a new initiative within HP to organize its security investments under the banner of the HP Security Research (HPSR) group. HP security products such as DVLabs, which finds and analyzes vulnerabilities, and the Zero Day Initiative, which investigates cyber attacks and security breaches.
“It’s a way of combining intelligence research that was already happening at HP,” said Mark Painter, product marketing manager at HP. “Really what we’re trying to do is give organizations actionable intelligence research.”
That “actionable intelligence” phrase is one that came up repeatedly when Painter spoke with WebProNews. It’s one of the goals of HPSR, along with trying to “drive innovation” and publish security research. To that end, the group will be providing free bi-weekly threat intelligence briefings that are available to the public. The HPSR will also seek to publish white papers and intelligence research, and will be releasing podcasts in conjunction with the threat briefings.