HP has reported that the number of software vulnerabilities disclosed in 2012 topped 8,000, a near 20 percent increase on the previous year.
According to HP's 2012 Cyber Risk Report, the majority of disclosures were rated as posing a "mid-level" threat for businesses, with web applications highlighted as a significant risk.
The report's authors said that understanding the risks present is key to controlling future cyber attacks. HP chief technology officer of enterprise security Jacob West told V3 that, as attacks become more advanced, using intelligence is essential to handling a firm's security.
"Attackers are constantly evolving their techniques to evade even the most sophisticated security tools," West said.
"Security intelligence is essential to help organisations understand their security posture and risk profile, determine how to prioritise that risk, and link security with IT operations."
The report found that 2012 disclosure levels were the highest since 2006. Of the vulnerabilities disclosed in 2012, 44 percent were found to be of mid-level severity. Another 36 percent were reported to be of high-level severity. Just 20 percent of vulnerabilities disclosed were regarded as low-level risks.
A key area for last year's security concerns was the use of web applications. Web-based apps were found to cause six major types of vulnerabilities in 2012, says the report. SQL injection, cross-site scripting, denial of service, buffer overflow, cross-site request forgery, and remote file vulnerabilities were found to be the most frequent vulnerabilities disclosed.
HP also found that cross-site scripting vulnerabilities were the most common issue found last year. The firm reported that it found 45 percent of vulnerabilities were based on cross-site scripting.
According to the report, insufficient transport layer protection was the second most common vulnerability reported by HP, with a 26 percent rate.