A survey has shown that 81% of IT security professionals know
that their applications are vulnerable to hackers.

Fortify Software conducted the survey at the Infosecurity Europe 2008
event in April. More than 300 security specialists from businesses
with more than 1,000 employees were questioned and nearly a third
admitted that they are "very worried" about the security of their
applications.

Additionally, a quarter of companies surveyed say that they
outsource application development but do not specify that any
security processes or technologies be applied to ensure the
security of outsourced applications.

In the wake of Londoner Gary McKinnon's hack into US military systems,
Fortify's findings also state that a third of companies say that hacking
is a daily occurrence and that 17% of these incursions were
successful.

Speaking to ComputerWeekly.com, Fortify Software's head of
product marketing Rob Rachwald said, "The results of our survey
show that hacking is a very real threat to a lot of companies. But
what is perhaps more insightful is that most companies feel that
outsourcing increases their chance of being hacked. Where
budgets for in-house code development do not exist, it becomes
especially important that businesses are continuously (and
automatically) checking their applications for
vulnerabilities."

In terms of a response to these threats, Fortify's study shows
that compliance with standards such as Sarbanes-Oxley and Basel 2
is a positive driver. The company also says that
firewalls are still the most popular form of defence, with 98%
choosing this as the default option.