One in five companies fail to test for security vulnerabilities
Many businesses don't carry out frequent security testing despite believing that it's critically important to securing their systems and data, according to a new survey.
The study from managed security services company Trustwave and Osterman Research finds that one in five businesses surveyed don't do any security testing, despite the fact that 95 percent of respondents reported encountering common security issues associated with security vulnerabilities.
Among other findings are that when organizations do conduct testing, most do it using a combination of in-house resources and third-party testing services, although two in five organizations manage security testing only in-house.
Among the main security testing challenges discovered in the survey, the most commonly cited are lack of staffing, not enough time with which to perform the security tests, and insufficient skills to support regular testing. To address these issues, a large proportion of those surveyed are open to the idea of using third parties, like managed security services providers, to perform security testing on their behalf. Of those surveyed 35 percent already partner with a third-party for security testing, and another 21 percent plan to do so during the next year.
Fewer than one in four organizations considers themselves to be 'very proactive' in the context of security testing, while nearly one-half are 'somewhat proactive'. However, nearly one-third of organizations consider themselves 'somewhat' to 'very' reactive about security testing, or that their security testing posture is 'non-existent'.
"Emerging trends like shadow IT, mobility and Internet of Things make regular security testing more important than ever," says Kevin Overcash, director of SpiderLabs at Trustwave. "This includes both automated security scanning, which will help uncover potential vulnerabilities and weak configurations, and in-depth penetration testing, which is designed to exploit vulnerabilities just like criminals would in the real world".
You can find out more about the findings in the full report which is available from the Trustwave site.