Seven Surprising Trends from HP's Security Risk Report

1 - Seven Surprising Trends from HP's Security Risk Report
2 - Total Number of Disclosures Grew in 2013
3 - ZDI Bought More IE Flaws Than Any Other Product
4 - SCADA Submissions Are Up
5 - Mobile Apps Provide Unnecessary Permissions
6 - Encryption: The Leading Mobile App Security Issue
7 - Trojans Dominate the Android Malware Landscape
8 - Software Is Leaking Information
1 of 8

Seven Surprising Trends from HP's Security Risk Report

by Sean Michael Kerner

2 of 8

Total Number of Disclosures Grew in 2013

The volume of vulnerabilities reported by HP's Zero Day Initiative (ZDI) increased in 2013 from 2012, though still did not reach the high point achieved in 2011.

3 of 8

ZDI Bought More IE Flaws Than Any Other Product

ZDI acquires all manner of software vulnerabilities; though in 2013, Microsoft's Internet Explorer was the clear leader. Jacob West, CTO of enterprise security products at HP, told eWEEK: "IE is the most prevalent browser on the systems that attackers want to compromise."

4 of 8

SCADA Submissions Are Up

Supervisory control and data acquisition systems play a critical role in industrial infrastructure. HP has noticed a trend in recent years with an increasing number of SCADA vulnerability submissions.

5 of 8

Mobile Apps Provide Unnecessary Permissions

HP's report also highlights mobile app security trends and found that 74 percent of apps ask users for unnecessary permissions. More than half of all mobile app security issues were attributed to insecure client-side (as opposed to server-side) operations.

6 of 8

Encryption: The Leading Mobile App Security Issue

Looking into the root causes of the mobile app client-side issues, HP found that 46 percent of apps do not use or properly implement encryption.

7 of 8

Trojans Dominate the Android Malware Landscape

When it comes to Android malware, Trojans are dominant and, in particular, HP found that the "Plankton" Android Trojan was the most downloaded in 2013.

8 of 8

Software Is Leaking Information

Although there are multiple avenues that an attacker can take to exploit a user or enterprise, HP found software security, in general, to be somewhat lacking with more than half of all applications with weaknesses that provide information that an attack could potentially leverage.

Top White Papers and Webcasts