Cyber Report: 2015 Was the Year of Collateral Damage
The annual cyber risk report — which was produced by Hewlett Packard Enterprise and released in February — said breaches affected citizens who never dreamed they would be involved in such an intrusion.
“Folks are seeing that not only do these hacks result in perhaps the theft of your personal data, your identity data, but … [hackers] can do an awful lot of very bad things with it,” said Denby Starling, HPE’s vice president and account executive for Navy and Marine programs. “They can not only steal your money, they not only can impersonate you online, but they in some cases can embarrass you publicly.”
The report found that while organizations such as Microsoft and Adobe released more patches than ever before, that was not enough to stymie some viruses.
“The most exploited bug from 2014 happened to be the most exploited bug in 2015 as well — and it’s now over five years old,” the report said, referring to a virus known as CVE-2010-2568. “While vendors continue to produce security remediations, it does little good if they are not installed by the end user.”
The necessity for users to download patches isn’t new, but it still isn’t being done, Denby said.
Hewlett Packard Enterprise — which runs the Navy and Marine Corps’ Intranet — puts a premium on improving the services’ networks with a variety of updates, he said.
Users, in general, sometimes resist installing necessary security patches because they are afraid that the software upgrade will break existing applications, the report found. It called on industry to build more trust with users to “to help restore faith in automatic updates.”
Microsoft Windows was overwhelmingly the top platform for malware with 94 percent of such software targeting the platform. Android systems accounted for 3 percent, the report said.
As the report looked toward 2016, it said there would be a focus on metadata, the Internet of Things, encryption and security.