hp-security-research-cyber-risk-report-pdf-2-w-1408

HP Security Research | Cyber Risk Report 2015IntroductionEditors’ note: While our previous CyberRisk Reports were numbered accordingto the year of data covered (e.g., “CyberRisk Report 2013” was released in2014), we are updating our numberingconvention to match industry practices.Welcome to the HP Cyber Risk Report 2015. In this report weprovide a broad view of the 2014 threat landscape, rangingfrom industry-wide data down to a focused look at differenttechnologies, including open source, mobile, and the Internetof Things. The goal of this Report is to provide securityinformation leading to a better understanding of the threatlandscape, and to provide resources that can aid in minimizingsecurity risk.It is my pleasure to welcome you to our 2015 Cyber Risk Report. HP Security Research publishes many documentsthroughout the year detailing our research and findings, but our annual Risk Report stands slightly removed from theday-to-day opportunities and crises our researchers and other security professionals face.A look back at security developments over the course of a full year serves an important purpose for those charged withshaping enterprise security responses and strategies. In the wake of the significant breaches of 2014, I believe it’s moreimportant than ever that our cyber security research team continues to provide an elevated perspective on the overall trendsin the marketplace.The global economic recovery continued this year, and it was probably inevitable that as businesses rebounded, the securitychallenges facing them became more complex. Enterprises continued to find inexpensive access to capital; unfortunately,so did adversaries, some of whom launched remarkably determined and formidable attacks over the course of the year asdocumented by our field intelligence team.Our researchers saw that despite new technologies and fresh investments from both adversaries and defenders alike, thesecurity realm is still encumbered by the same problems—even in some cases by the very same bugs—that the industryhas been battling for years. The work of our threat research and software security research teams revealed vulnerabilitiesin products and programs that were years old—in a few cases, decades old. Well-known attacks were still distressinglyeffective, and misconfiguration of core technologies continued to plague systems that should have been far more stable andsecure than they in fact proved to be.We are, in other words, still in the middle of old problems and known issues even as the pace of the security world quickensaround us. Our cyber security research team has expanded over the course of the year, and so has this Risk Report, bothcovering familiar topics in greater depth and adding coverage of allied issues such as privacy and Big Data. In addition, ourpeople work to share their findings and their passion for security and privacy research with the industry and beyond. ThisRisk Report is one form of that; our regular Security Briefings and other publications are another form, and we hope toremain in touch with you throughout the year as themes presented in this Report are developed in those venues.Security practitioners must ready themselves for greater public and industry scrutiny in 2015, and we know that threatactors—encouraged by public attention paid to their actions—will continue their attempts to disrupt and capitalize on bugsand defects. The HP Security Research group continues to prepare for the challenges the year will doubtless pose, and alsointends to invest in driving our thought leadership inside the security community and beyond it.Art GillilandSVP and General Manager, Enterprise Security Products