Most info-security people (64 percent) believe their customers could easily be breached as a result of unpatched vulnerabilities in their organisation’s products and applications, while 34 percent of organisations admitted to bypassing security to get products out to market faster.
Given the recent Verizon Data Breach Investigations report, which found that unpatched vulnerabilities caused data breaches in 27 percent of organisations in 2018, you would expect resolving known flaws would be a top priority for organisations, says Outpost24, a cyber-security assessment company.
The study, of visitors at the Infosecurity Europe show in June, evaluated the opinions of 300 security people and also found 29 percent of respondents were not sure or didn’t believe their organisation’s products and applications would fare well if a security penetration test was carried out on them.
Bob Egner, VP at Outpost24, said: “Our study shows that even despite continuous warnings, organisations today are still leaving their customers at risk because of a failure to address security vulnerabilities in products before they are introduced to market. If organisations are not addressing these security vulnerabilities, they are taking a huge gamble and abusing customer trust. Negligence towards security will eventually lead to disastrous outcomes for technology and application vendors and their customers. There should be no excuses today, especially when security is such a big issue and so many breaches, which have happened up and down the technology stack, are well publicised.”
It was also revealed that despite 39 percent of organisations not introducing security testing from the beginning of the product or application lifecycle, 92 percent of security professionals do agree it is important to carry out security testing on new products and applications.
Egner added: “While many organisations seem to understand the importance of security testing, they are not necessarily putting it into practice. A combination of penetration testing and automated application scanning is a great way to unearth software vulnerabilities in products and applications, and organisations are advised to carry out the process continuously or at least before they put a product out to market. The aim is not to address every single vulnerability detected, but to understand which are the most dangerous to the business and its customers and then work to remediate them first.”
The survey was carried out at the Infosecurity Europe conference at London Olympia and gathered the attitudes of 300 people there. For more on the study visit: http://bit.ly/2L9MSaV.