HP BrightTalk Presentation 140813

Summary:

The HP Cyber Security Risk Report outlines a strategy for understanding and combating cyber threats by disrupting the adversary's lifecycle. It emphasizes key trends such as increased vulnerability disclosures, mobile device usage, web application vulnerabilities, and cross-site scripting (XSS). The report identifies five stages in an adversary's lifecycle—Infiltration, Discovery, Capture, Exfiltration—and stresses the importance of developing capabilities to disrupt this cycle through research, education, counterintelligence, and blocking access. The document calls for a proactive approach in cybersecurity measures, emphasizing prevention and protection where possible, while also monitoring systems to detect any compromises. The main goal is to protect critical assets by finding and eliminating adversaries, securing them, and planning mitigation strategies against potential damage. Overall, the report underscores the importance of being prepared and responsive in cyberspace to effectively manage risks.

Details:

The HP Cyber Security Risk Report discusses a comprehensive approach to understanding and addressing cybersecurity threats, particularly focusing on how organizations can disrupt the adversary's ecosystem. The report highlights key trends including increased vulnerability disclosures, mobile device usage becoming significant, web applications posing major vulnerabilities, and cross-site scripting as a primary threat. The document identifies five stages in the adversary's lifecycle: Infiltration, Discovery, Capture, Exfiltration, and highlights the importance of building capability to disrupt this ecosystem through research, education, counterintelligence, and blocking adversary access. The ultimate goal is to protect critical assets by finding and removing adversaries, securing them, and planning mitigation strategies against potential damage. The report emphasizes that organizations should focus on prevention and protection where possible, while also monitoring and analyzing systems to identify any compromises. The overall theme is about being proactive in cybersecurity measures to mitigate risks effectively.