Outsourcing increases risk of hacking

Companies failing to build security in when outsourcing development of critical applications.

Organisations that are frequently hacked almost certainly outsource at least some of their coding practice, according to a new report by Quocirca.

The technology analysis group says that companies are failing to build security in when they outsource the development of their critical applications.

The firm warns that a ‘chilling’ one in five UK companies do not even consider security when building their applications. Moreover, over 60% of companies overall that outsource the coding of their critical applications do not mandate that security must be built into the applications.

Quocirca says that the hackers’ future is rosy given that outsourcing applications is on the up, with 78% admitting that software development is business critical for them choosing to outsource their vital applications.

The survey of 250 C-level executives and IT directors, mainly from corporations with 1000+ employees in the UK, US and Germany, found that 90% of the firms that had been hacked outsource more than 40% of their code. Of the organisations stating that software code development is business critical or important to them, 50% outsource more than 40% of their code development needs.

Statistics already show that the software application layer is where most hackers are accessing critical data. According to NIST (National Institute of Standards and Technology), 92% of vulnerabilities affecting computer networks are contained in software applications.

This could be a growing problem: as organisations increasingly look to outsource application development, more components of software applications are being developed outside of their direct control.

Fran Howarth, Principal Analyst at Quocirca and author of the report, said: “The findings of this report indicate that not enough is being done by organisations to build security into the applications on which their businesses rely. Not only that, but they are entrusting large parts of their application development needs to third parties. This creates an even greater onus for organisations to thoroughly test all code generated for applications—without which they could be playing into the hands of hackers.”
