Businesses at risk from poor third-party software, mobile apps

sincity · February 5, 2014

Companies may be using poorly encrypted or misconfigured mobile software, leaving them vulnerable to attack, says HP.

HP Security Research has released its Cyber Risk Report 2013, aiming to identify the top security vulnerabilities for enterprises.

The latest report highlights factors that are contributing the most to the growing cyberattack threat. Among these are the increased reliance on mobile devices, the increased use of insecure software and the growing use of Java.

The risk factor that mobile devices bring to companies was especially prevalent in HP's study. In testing 500,000 Android mobiles, HP report finding "major discrepancies" between what was classed as malware and what was not.

A further 46 per cent of apps studied in the survey also used encryption improperly. Developers are using weak algorithms or misusing strong ones, according to HP, rendering their protection ineffective.

Expanding threats

HP also reports that despite the continued research into security risks and vulnerabilities, the number of publicly disclosed attacks has decreased by 6 per cent year over year.

The survey offers some recommendations for securing businesses and companies from cyberattack. Among these are remaining vigilant about potential pitfalls in security software and third-party code, keeping a well-qualified group of staff to effectively recognise threats and collaborating and sharing intelligence with the cyber security industry.

"The industry must band together to proactively share security intelligence and tactics in order to disrupt malicious activities driven by the growing underground marketplace," said Jacob West, chief technology officer, Enterprise Security Products, HP. "Adversaries today are more adept than ever and are collaborating more effectively to take advantage of vulnerabilities across an ever-expanding attack surface."