Report

HPE Cyber Risk Report 2016

An in-depth 96-page report detailing today's cyber threats

The 96-page Hewlett Packard Enterprise (HPE) Cyber Risk Report 2016 offers a broad view of the current threat landscape, ranging from industry-wide data to a focused look at different technologies, including open source, mobile, and the Internet of Things. The goal: Provide security information that leads to a better understanding of the threat landscape, and deliver resources you can use to minimize security risk

To provide a broad perspective on the nature of the attack surface, the report draws on data from HPE security teams, open source intelligence, ReversingLabs, and Sonatype. Key themes in this comprehensive report include:

  • The year of collateral damage - 2015 was the Year of Collateral Damage as certain attacks touched people who never dreamed they might be involved in a security breach.
  • Overreaching regulations push research underground - When horrific events occur impacting the lives of many, there is a natural reaction to do something to try to prevent future occurrences.
  • Moving from point fixes to broad impact solutions - While it is laudable that Microsoft® and Adobe® both released more patches than at any point in their history, it remains unclear if this level of patching is sustainable. It strains resources of both the vendor developing the patch and the customer deploying the patch. Microsoft and others must invest in these broad, asymmetric fixes that knock out many vulnerabilities at once.
  • Political pressures attempt to decouple privacy and security efforts - A difficult and violent year on the global scene, combined with lingering distrust of American tech initiatives in the wake of revelations by Edward Snowden and other whistleblowers, led to a fraught year for data privacy, encryption, and surveillance worldwide.
  • The industry didn’t learn anything about patching in 2015 - The most exploited bug from 2014 happened to be the most exploited bug in 2015 as well—and it’s now over five years old.
  • Attackers have shifted their efforts to directly attack applications - The perimeter of your network is no longer where you think it is. With today’s mobile devices and broad interconnectivity, the actual perimeter of your network is likely in your pocket right now. Attackers realize this as well and have shifted their focus from servers and operating systems directly to applications.
  • The monetization of malware - Just as the marketplace has grown for vulnerabilities, malware in 2015 took on a new focus. In today’s environment, malware needs to produce revenue, not just be disruptive. This has led to an increase in ATM-related malware, banking Trojans, and ransomware.

At first glance, the HPE Cyber Risk Report 2016 is disturbing–even a bit frightening. Cybercriminals are well organized, smart, and continue to find new ways to exploit today’s digital economy. Businesses, governments and other organizations are at risk. And so are you.

It’s not all doom and gloom, though. When it comes to cyber risk, awareness is the foundation of a good defense. Knowledge is power, and the HPE Cyber Risk Report 2016 is full of intelligence and insights that can help individuals and organizations better understand the threat landscape and take appropriate measures to protect themselves. 

Here are three important reasons you should read the 2016 report:

  • The game is changing. Think you’ve heard it all? Well, the cyber-risk landscape is continually changing. For example, in 2015, attacks shifted to the new perimeter – likely in your pocket. Today’s mobile devices and broad interconnectivity are attracting attackers and expanding the threat landscape.
  • You are more vulnerable than you think. Applications and platforms that you might use every day are the biggest targets of exploits. In fact, there are now more than 10,000 new Android threats discovered every day – a 153 percent year-over-year increase. Meanwhile, malware attacks on the Apple iOS platform grew 235 percent in 2015.
  • There’s more at stake than ever. 2015 was the Year of Collateral Damage. Numerous attacks affected people who never dreamed that they might be involved in a security breach. For example, background investigation records of current, former and prospective Federal employees and contractors were stolen from a database at the U.S. Office of Personnel Management (OPM), including names, addresses and Social Security numbers. Many of those victimized didn’t even know they were in the OPM database.

What can you do? Download the HPE Cyber Risk Report 2016 today, read it and share with peers, friends, customers, partners and others in your sphere of influence. Then, take steps to reduce your cyber risk today.


The HPE Cyber Risk Report 2016 is produced by Hewlett Packard Enterprise Security Research. For more, meet the researchers behind the report.

Get this report delivered to your inbox

Success

You have unlocked a free copy of HPE Cyber Risk Report 2016

You may download the report from this page at any time.

GET IT NOW

An in-depth 96-page report detailing today's cyber threats

The 96-page Hewlett Packard Enterprise (HPE) Cyber Risk Report 2016 offers a broad view of the current threat landscape, ranging from industry-wide data to a focused look at different technologies, including open source, mobile, and the Internet of Things. The goal: Provide security information that leads to a better understanding of the threat landscape, and deliver resources you can use to minimize security risk

To provide a broad perspective on the nature of the attack surface, the report draws on data from HPE security teams, open source intelligence, ReversingLabs, and Sonatype. Key themes in this comprehensive report include:

  • The year of collateral damage - 2015 was the Year of Collateral Damage as certain attacks touched people who never dreamed they might be involved in a security breach.
  • Overreaching regulations push research underground - When horrific events occur impacting the lives of many, there is a natural reaction to do something to try to prevent future occurrences.
  • Moving from point fixes to broad impact solutions - While it is laudable that Microsoft® and Adobe® both released more patches than at any point in their history, it remains unclear if this level of patching is sustainable. It strains resources of both the vendor developing the patch and the customer deploying the patch. Microsoft and others must invest in these broad, asymmetric fixes that knock out many vulnerabilities at once.
  • Political pressures attempt to decouple privacy and security efforts - A difficult and violent year on the global scene, combined with lingering distrust of American tech initiatives in the wake of revelations by Edward Snowden and other whistleblowers, led to a fraught year for data privacy, encryption, and surveillance worldwide.
  • The industry didn’t learn anything about patching in 2015 - The most exploited bug from 2014 happened to be the most exploited bug in 2015 as well—and it’s now over five years old.
  • Attackers have shifted their efforts to directly attack applications - The perimeter of your network is no longer where you think it is. With today’s mobile devices and broad interconnectivity, the actual perimeter of your network is likely in your pocket right now. Attackers realize this as well and have shifted their focus from servers and operating systems directly to applications.
  • The monetization of malware - Just as the marketplace has grown for vulnerabilities, malware in 2015 took on a new focus. In today’s environment, malware needs to produce revenue, not just be disruptive. This has led to an increase in ATM-related malware, banking Trojans, and ransomware.

At first glance, the HPE Cyber Risk Report 2016 is disturbing–even a bit frightening. Cybercriminals are well organized, smart, and continue to find new ways to exploit today’s digital economy. Businesses, governments and other organizations are at risk. And so are you.

It’s not all doom and gloom, though. When it comes to cyber risk, awareness is the foundation of a good defense. Knowledge is power, and the HPE Cyber Risk Report 2016 is full of intelligence and insights that can help individuals and organizations better understand the threat landscape and take appropriate measures to protect themselves. 

Here are three important reasons you should read the 2016 report:

  • The game is changing. Think you’ve heard it all? Well, the cyber-risk landscape is continually changing. For example, in 2015, attacks shifted to the new perimeter – likely in your pocket. Today’s mobile devices and broad interconnectivity are attracting attackers and expanding the threat landscape.
  • You are more vulnerable than you think. Applications and platforms that you might use every day are the biggest targets of exploits. In fact, there are now more than 10,000 new Android threats discovered every day – a 153 percent year-over-year increase. Meanwhile, malware attacks on the Apple iOS platform grew 235 percent in 2015.
  • There’s more at stake than ever. 2015 was the Year of Collateral Damage. Numerous attacks affected people who never dreamed that they might be involved in a security breach. For example, background investigation records of current, former and prospective Federal employees and contractors were stolen from a database at the U.S. Office of Personnel Management (OPM), including names, addresses and Social Security numbers. Many of those victimized didn’t even know they were in the OPM database.

What can you do? Download the HPE Cyber Risk Report 2016 today, read it and share with peers, friends, customers, partners and others in your sphere of influence. Then, take steps to reduce your cyber risk today.


The HPE Cyber Risk Report 2016 is produced by Hewlett Packard Enterprise Security Research. For more, meet the researchers behind the report.