Without understanding security risks, organizations may ignore critical vulnerabilities. In a Security Intelligence article, Larry Ponemon of the Ponemon Institute and Neil Jones recently reported on a dangerous lack of application risk awareness. Even though there is an increasing number of threats out there for app developers and users, high-ranking members of companies don’t seem to be keeping up with the latest issues.
This data comes from the Institute’s recent State of Application Security Risk Management Report, which presents several alarming statistics for upper management to consider. Not only did 70 percent of the respondents say their organizations aren’t dedicating enough resources to fighting risks, 60 percent said that management teams “underestimate potential application security risk.”
On top of that, 46 percent said they didn’t conduct any testing at all. The authors broke this down to note that 35 percent of subject organizations didn’t perform static, dynamic, interactive or mobile application security testing.
These findings reflect similar statistics from Hewlett Packard Enterprise’s Cyber Risk Report 2016. According to Inside SAP, this report found that applications, particularly mobile apps, use a large amount of sensitive information and represent a steadily increasing security hazard.
The company’s general manager of enterprise security products, Shane Bellos, said companies need to take action to improve their current security.
“In 2015, we saw attackers infiltrate networks at an alarming rate, leading to some of the largest data breaches to date, but now is not the time to take the foot off the gas and put the enterprise on lockdown,” Bellos said. Applications could only continue to pose a threat as app availability grows, making software security awareness a critical issue.
This same source claims that CVE-2010-2568 was the most exploited flaw of 2015. This vulnerability, identified by Microsoft in 2010, potentially allows hackers to obtain legitimate user rights, which could in turn allow malicious code to run within a Windows OS.
Employing application security testing will let organizations take threats seriously and come up with the best solution. Contact PSC to learn how to start this process today.