Most Don’t Trust Their Web Application Security
Santa Clara, Calif. — Oct. 16
Cenzic Inc., a provider of application security vulnerability assessment and risk management solutions, and Executive Alliance have released the results of a study that examines the state of application security, “The Voice of IT Leadership on Web Security: 2007.”
The survey focuses on security issues and insights affecting the C-level executive, with the results reflecting responses from 476 information security professionals.
The survey uncovered that among executives there is a general lack of confidence in current solutions and methods protecting companies from being hacked, with half of respondents either partially or not at all confident that their current application security methods and solutions can protect their organization’s Web site from hackers.
“This survey confirms what we’ve heard from our customers, that most corporations don’t trust that their Web applications are secure,” said John Weinschenk, Cenzic CEO and president. “Companies are struggling to protect their Web applications and they are anxiously working to stay one step ahead of hackers whose efforts become more sophisticated with each attack. Cenzic’s role is to provide the software and services that help companies automate the security process and ultimately keep their applications and data secure.”
The highlights from the survey point out some disconcerting trends within the industry. Although the majority of C-level executives are aware that security initiatives are needed within their organization, the bulk of organizations surveyed do not have the resources or budget to do a more thorough job of continuously testing their applications, making them susceptible to various forms of malicious hack attacks and cybercrime.
Other key findings in the study include:
- Data breach cited as highest priority application security risk in 2007. Identity theft, data breaches, unauthorized access and downed Web sites are the key security risks that security professionals cited as their highest priority to stop.
- More than half of the respondents fear losing their jobs if there were a security breach.
- Low confidence that senior management or board of directors understand the costs and liabilities in case of a Web site hacking. Fewer than 19 percent of respondents are confident that their senior management and board of directors truly understand the costs, losses and other implications associated with a Web application security breach.
- Almost 60 percent of respondents dedicate less than 10 hours per week to securing their Web applications. Fewer than 20 percent of organizations have an employee dedicated to the task of securing their applications.
- Only about 10 percent of respondents classify their testing of Web applications in pre-deployment as “excellent.”
- Forty-four percent of respondents cite the loss of customers’ confidential information as posing the biggest financial problem for an organization.
- More than half of respondents say Web application security awareness training is a priority. But 43 percent of respondents agree that there is not adequate funding for training within their organizations.