The primary goal of bTrade’s MFT Nation blog is to provide our readers with pertinent information in the world of managed file transfer and cybersecurity. Last month, Hewlett Packet released its 74-page Cyber Risk Report in which HP discusses the most pressing cybersecurity issues that enterprises faced in 2014.
What the Report Revealed
The Cyber Risk Report revealed that well-known issues and misconfigurations contributed to the most dangerous cyber threats in 2014. Per an HP press release: “Many of the biggest security risks are issues we’ve known about for decades, leaving organizations unnecessarily exposed,” said Art Gilliland, senior vice president and general manager of enterprise security products at HP. “The reason companies keep getting attacked is the lack of sufficient patching of the vulnerabilities that exist, as well as misconfiguration of the technologies they are using,” stated Gilliland.
Listed below are some highlights and key findings from the report:
- 44 percent of known breaches came from vulnerabilities that are 2-4 years old.
The top ten vulnerabilities exploited in 2014 took advantage of code written years or even decades ago.
- Server misconfigurations were the number one vulnerability.
Enterprises need to implement testing and verification processes so they can identify configuration errors before attackers exploit them.
- Lack of sufficient patching
Enterprises need to ensure that their systems are up-to-date with the latest security protections to reduce the likelihood of these attacks succeeding.
- The primary causes of commonly exploited software vulnerabilities are defects, bugs, and logic flaws.
Most of these vulnerabilities stem from a small number of common software programming errors which can be easily fixed.
How to Prevent Attacks
HP recommends that enterprises address known vulnerabilities which will, in turn, significantly reduce the risk of future cyber attacks. Some of HP’s recommendations for warding off future attacks include:
- Deploying a secure encryption technology
Encryption technology will help enterprises achieve the flexibility, compliance and data privacy required.
- Deploying a comprehensive and timely patching strategy
Having a proactive patching strategy in place greatly reduces downtime, lowers rates of virus infection as well as hacker attacks.
- Identifying issues through regular penetration testing and verification of configurations
It will be important to implement both penetration and vulnerability testing. Penetration testing puts more of an emphasis on gaining as much access as possible to your internal information while vulnerability testing places the emphasis on identifying areas that are vulnerable to a hacker attack.
- Understanding new avenues of attack before they are exploited
Enterprises should employ a protection strategy and an “assume-breach” mentality. They should also implement a layered set of security tactics to ensure the best defense.
Conclusion
Enterprises need to remain vigilant and protect themselves from the above-mentioned threats. The Cyber Risk Report highlights the active vulnerabilities and recommends that enterprises need a more proactive defense and the strengthened protections offered in third party security solutions.
bTrade Can Help You Secure Your Data
Data breaches have become so common that many in the business world react to such news with little more than a shrug of the shoulders. A data breach should not become commonplace or recurring, and enterprises definitely should not be complacent. Protect your organization by deploying a managed file transfer solution that can securely and effectively transmit, store and manage confidential data. Please email us at info@btrade.com to learn how bTrade solutions can help keep your data secure.
