Mobile Security Risks Must be Addressed Prior to Implementation
It is more important than ever for enterprises to protect their corporate IT systems from potential security vulnerabilities, by understanding the threats which are introduced by mobility and connected devices.
In 2014 there was a rise in the level of mobile malware and IoT-related security issues detected within enterprise systems. These technologies offer malicious hackers and cyber criminals additional points of entry and avenues of attack. Consequently, organisations must work harder to strategically mitigate the risks, prior to the adoption of these new technologies.
This was one of the key findings of the 2015 Cyber Risk Report published by HP Security Research yesterday, which is an annual report that highlights the most prevalent vulnerabilities that leave organisations open to security risks. The research also offers analysis around the most pressing security issues which affected the enterprise during the previous year and indicating likely trends for 2015.
It is well documented that security is a key component of planning for any mobile initiatives within an organisation, and it appears that the measures which are being taken to combat such challenges must be increased sooner than later in order to avoid damaging threats to the business.
The aim of the report by HP is to enable organisations to take a proactive approach to security, disrupting the lifecycle of an attack through prevention and real-time threat detection.
Other findings of significance in the 2015 report revealed that 44% of known breaches in 2014 came from vulnerabilities that are between two and four years old. The most prominent IT vulnerability, ahead of privacy, was reportedly server misconfigurations, as they open up unnecessary access to files that leave an organisation susceptible to an attack. Furthermore, software was most commonly exploited due to defects, bugs and logic flaws according to the research.
To combat these issues, the report recommends a comprehensive and timely patching strategy to ensure systems are up-to-date with the latest security protections, regular penetration testing and verification of configurations, collaboration and threat intelligence sharing and a continuous 'assume-breach' approach within the organisation to prepare for the worst.
"Many of the biggest security risks are issues we've known about for decades, leaving organisations unnecessarily exposed," said Jyoti Prakash, Country Director, India and SAARC countries, HP Enterprise Security Products. "We can't lose sight of defending against these known vulnerabilities by entrusting security to the next silver bullet technology; rather, organisations must employ fundamental security tactics to address known vulnerabilities and in-turn, eliminate significant amounts of risk."