Security testing should be a top priority for businesses as industry enters a new hyperconnected age.
Security testing is the process of testing databases, networks and applications for vulnerabilities that could allow malware to invade any given system and either release private data, or cripple business-critical functions.
A report released this week by Osterman Research and Trustwave revealed that many businesses fail to carry out regular security tests.
The survey of 126 security professionals highlighted that 1 in 5 of the businesses surveyed don’t do any security testing, despite the fact that 95% of the respondents reported encountering at least one of the common security issues associated with security vulnerabilities.
>See also: The 7 most dangerous myths of software security
“Emerging trends like shadow IT, mobility and Internet of Things make regular security testing more important than ever,” said Kevin Overcash, director of SpiderLabs at Trustwave.
“This includes both automated security scanning, which will help uncover potential vulnerabilities and weak configurations, and in-depth penetration testing, which is designed to exploit vulnerabilities just like criminals would in the real world.”
Most organisations are not proactive about security testing, with less than 1 in 4 organisations considering themselves ‘very proactive’, according to the report.
Nearly 1 in 3, however, have a ‘non-existent’ security testing policy. It is a reactive policy rather than a proactive one.
>See also: Testing testing – 4 simple IT security mistakes that leave a business vulnerable
While 1 in 5 do not test whatsoever, 66% carry out monthly tests, and most do not perform regular security testing after every infrastructure change.
Security testing and reviews are infrequent and, in some cases, organisations are leaving it up to fate, said the report.
The reason for this attitude, in part, is a result of a security skills shortage.
The report found that the most commonly cited problems with implementing security testing are insufficient staffing, insufficient time with which to perform the security tests, and insufficient skills to support regular testing.
Cyber threats are already outgunning cyber defences on the digital battlefield.
>See also: The four ways to deal with web application security: which is right for you?
If preventative measures and testing are not applied then the impact of these increasingly sophisticated attacks will continue to get worse, and unbeatable.
There needs to be an attitude change in the boardroom, with a policy shift directed towards security testing, – with the capability of upgrading cyber security systems accordingly.
“This report should be a major wake-up call for businesses and government agencies that a new approach and strategy for security vulnerability testing is required to better fortify databases, networks and applications against data theft and breaches,” said Michael Osterman of Osterman Research.
“Organisations need to look at security testing more comprehensively and perform it more frequently. Increasingly, security-savvy organisations are turning to managed security services providers for help in this area.”
