Study: Security vulnerabilities putting businesses at risk

“This report should be a major wake-up call for businesses and government agencies that a new approach and strategy for security vulnerability testing is required to better fortify databases, networks and applications against data theft and breaches,” said Michael Osterman of Osterman Research. “Organizations need to look at security testing more comprehensively and perform it more frequently. Increasingly, security-savvy organizations are turning to managed security services providers for help in this area.”

The study, conducted by Osterman, found that more than half of businesses consider their security efforts ‘somewhat proactive’, and less than 1 in 4 consider their efforts ‘very proactive’. About one-fifth have not conducted any security tests in the past six months.

“Emerging trends like shadow IT, mobility and Internet of Things make regular security testing more important than ever,” said Kevin Overcash, Director of SpiderLabs at Trustwave. “This includes both automated security scanning, which will help uncover potential vulnerabilities and weak configurations, and in-depth penetration testing, which is designed to exploit vulnerabilities just like criminals would in the real world.”

Other interesting findings from the report include:

• Of those who do test for security, 66% test less than once/month
• 2/3 say security testing is valuable, although they don’t do it
• 25% say they perform security reviews only quarterly or annually