A recent HP survey found that the top 10 vulnerabilities exploited in 2014 were developed years or even decades ago.
The Cyber Risk Report 2015 revealed that these known issues and server misconfigurations were the biggest security challenges facing enterprises.
In fact, the survey found that of the top 10 exploits noted in 2014, none actually took advantage of zero day attacks.
“We’ve spent all this time telling customers that they should worry about these new, undiscovered attacks and we’ve all focusing on the wrong area. We need to be going back to the basics,” said Art Gilliland, senior Vice President and General Manager for Enterprise Security products at HP.
Server misconfigurations are still a significant problem with exploits taking advantage of the fact we are not managing our systems well, Gilliland said.
“One reason they may not be up to date in their patching regime is that patching, especially for newly deployed servers, is often a layered thing where you need to install the patches in sequence, and there are other many of them,” said Gilliland,“If you miss even one, then a vulnerability still exists in the system.”
Security spending thus far has mainly been on blocking hackers but Gilliland said that they only need to be right once. Rather than looking for a single “magic product” to protect or solve any problems, what users should be looking at is risk mitigation. “Since we can’t block everything, we need to manage the risk,” he added.
Last year also saw an increase in the level of mobile malware detected. As the computing ecosystem continues to expand, unless enterprises take security into consideration, attackers will continue to find more points of entry.