


HP Cyber Risk Report 2015 Infographic.pdf


Original filename: HP Cyber Risk Report 2015 Infographic.pdf
Title: Slide 1
Author: Daniel Yeh

This PDF 1.5 document has been generated by Microsoft® PowerPoint® 2013, and has been sent on pdf-archive.com on 16/03/2015 at 13:46, from IP address 82.176.x.x. The current document download page has been viewed 553 times.
File size: 282 KB (1 page).
Privacy: public file















HP Security Research
Cyber Risk Report 2015
The annual Cyber Risk Report from HP Security Research provides
organizations with a better understanding of the threat landscape
and supplies resources that can aid in minimizing security risk. This
year’s report features perspectives drawn from advanced data
analysis and takes a focused look at multiple technologies, including
open source, mobile, and the Internet of Things.

Déjà Vu: Attackers Focusing on Older Vulnerabilities

8227 days from launch of first Windows version affected by CVE-2014-4114 (“Sandworm”) vulnerability to release of the patch - April 16, 1992 to October 14, 2014

33% of all exploit samples discovered in 2014 used an infection vector first detected in use in 2010, in Stuxnet

59: combined maximum age, in years, of the code in the high-profile Heartbleed, Shellshock, and POODLE zero-days

7 of the top 10 exploits found overall in 2014 targeted vulnerabilities over 2 years old

[Pie chart: Top Exploits Discovered in 2014. Segments: CVE-2010-2568, CVE-2010-0188, CVE-2013-2422, CVE-2012-1723, CVE-2012-0507, CVE-2012-0158, CVE-2013-2465, CVE-2012-4681, CVE-2013-2423, CVE-2009-3129, Others]

Server Misconfigurations Top Vulnerability List

[Bar chart: 2013 vs. 2014 percentages for Web Server Misconfiguration, Cookie Security, System Information Leak, Privacy Violation, Cross-Frame Scripting]

• Year-over-year change in % of web apps that exhibit one or more flaws in “Security Feature” development

• Server misconfigurations were the most common category of vulnerabilities across all analyzed apps

Spotlight on Mobile
Top Mobile App Vulnerabilities

74% Privacy Violation
71% Insecure Storage
66% Insecure Transport

[Bar chart: Number of Android ransomware samples detected in 2014, by quarter (through November). X-axis: Q1 to Q4; y-axis: 0 to 350; bar labels: 0, 52, 69, 324+]

Notable Numbers, Rankings, and Statistics

0: Major Oracle Java zero-days discovered in the wild in 2014

6: Pre-2014 Oracle Java vulnerabilities in the list of top ten 2014 exploit samples

#1: Rank of Microsoft as subject of ZDI disclosures in 2014

On our minds: “malware”, top keyword searched by security practitioners (even besting “Security”)

#11: Rank of most-exploited IE vulnerability in Top 50 CVEs list

#6: Rank of most-exploited MS Office vulnerability in Top 50 CVEs list

HP Zero Day Initiative

400+: Record-breaking number of high-severity vulnerabilities disclosed and remediated through the ZDI

US, Canada, Italy: Countries with highest submission rates to the ZDI since 2004

3000+: Independent researchers working with the ZDI to expose and remediate weaknesses

Recommendations

• Understand the changing threat landscape
• Develop and follow a patch strategy
• Conduct penetration testing and configuration verification
• Employ complementary technologies
• Share threat intelligence with the community

Learn More
Visit hp.com/go/cyberrisk to download the full report and access all Cyber Risk Report resources.
Brought to you by HP Security Research
© Copyright 2015 Hewlett-Packard Development Company, L.P.
The information contained herein is subject to change without notice.

