This year's Cyber Risk Report examined the 2015 threat landscape and provided actionable intelligence around key areas of risk, including application vulnerabilities, security patching and growing malware monetization. The report also highlighted important industry issues such as new security research regulations, the collateral damage from high profile data breaches, shifting political agendas, and the ongoing debate over privacy and security.

"In 2015, we saw attackers infiltrate networks at an alarming rate, leading to some of the largest data breaches to date, but now is not the time to take the foot off the gas and put the enterprise on lockdown," Sue Barsamian, senior vice president and general manager, HPE Security Products, Hewlett Packard Enterprise, said. "We must learn from these incidents, understand and monitor the risk environment, and build security into the fabric of the organization to better mitigate known and unknown threats, which will enable companies to fearlessly innovate and accelerate business growth."

The report's other findings included the following:

• Approximately 75% of mobile applications exhibited at least one critical or high-severity security vulnerability, compared to 35% of non-mobile applications.
• Vulnerabilities due to API abuse are much more common in mobile applications than web applications.
• Malware attacks on ATMs use hardware, software loaded onto the ATM, or a combination of both to steal credit card information. In some cases, attacks at the software level bypass card authentication altogether to directly dispense cash.
• More than 100,000 banking Trojans, such as variants of Zeus, ZeuS or Zbot, continue to be problematic despite protection efforts.
• Software vulnerability exploitation continues to be a primary vector for attack, with mobile exploits gaining traction.
• In 2015, Microsoft Windows represented the most targeted software platform, with 42% of the top 20 discovered exploits directed at Microsoft platforms and applications.

The report revealed malware has evolved from simply being disruptive to becoming a revenue-generating activity for attackers. While the overall number of newly discovered malware samples declined 3.6% year over year, the attacks focused heavily on monetization. Ransomware, an increasingly successful attack model, wreaked havoc in 2015, encrypting files of consumer and corporate users alike. Examples of ransomware include CryptoLocker, CryptoWall, CoinVault, BitCryptor, TorrentLocker and TeslaCrypt.

Rangan noted some end-users do not install patches out of fear of unintended consequences. Security teams must be more vigilant about applying patches at both the enterprise and individual user level, and software vendors must be more transparent about the implications of their patches, he said.