Cybersecurity Approaches Fail to Evolve, Even When Attacks Grow More Sophisticated

Sue Marquette Poremba

Hewlett Packard Enterprise (HPE) recently released its annual cybersecurity report. Even though we know that the threats are becoming more sophisticated and the bad guys are doing a good job at staying one step ahead of us, the report found that our cybersecurity problems are actually mired in the past. The bad guys are pulling ahead, and enterprise is struggling to keep up with “old problems and known issues.” Or, as the report discovered, well-known threat vectors are cohabitating with the latest attack methodologies, and this is setting up businesses – and in turn, their customers – to be the victims of an unprecedented amount of data theft.

So much so that HPE dubbed 2015 the Year of Collateral Damage. No longer is it simply a matter of a company being breached; now up for grabs is information that can destroy innocent lives through identity theft and fraud – and those affected often have no way to protect themselves or even know that their information is at risk until it is too late. As eWeek pointed out, the Office of Personnel Management (OPM) is a prime example.

The article said that even those who had some connection with a government employee or contractor had been victims of that breach. (I know this as fact, as I received one of those “your information may have been compromised” letters from OPM. While I have never worked for the government or undergone a security background check, close family members have.) As Jewel Timpe, senior manager for threat research with Hewlett Packard Enterprise Security Research, explained in the article:

This is the notion that there have been breaches of data, where people were affected, but they had no expectation they would in fact be impacted.

Timpe added that businesses have learned nothing from these breaches and security breakdowns, and that little is being done, even in the most obvious forms of security. The report found that enterprises fail miserably when it comes to patching vulnerabilities, and in turn, we continue to be hit by years-old malware. Timpe said in eWeek:

The No. 1 vulnerability exploited in 2015 was the same Stuxnet vulnerability (CVE-2010-2568) that was a top exploit in 2014.

Why are we still so susceptible to old security problems? The HPE report touched on that, too, hinting that political pressures to protect privacy are actually hurting security. Until privacy and security are treated as parallel issues rather than as concerns at odds with each other (yes, you can have one with the other), and until lawmakers understand this, data will continue to be at risk. As Sue Barsamian, senior vice president and general manager, HPE Security Products, said in a formal statement:

We must learn from these incidents, understand and monitor the risk environment, and build security into the fabric of the organization to better mitigate known and unknown threats, which will enable companies to fearlessly innovate and accelerate business growth.

Sue Marquette Poremba has been writing about network security since 2008. In addition to her coverage of security issues for IT Business Edge, her security articles have been published at various sites such as Forbes, Midsize Insider and Tom's Guide. You can reach Sue via Twitter: @sueporemba
