Jürgen Fälchle - stock.adobe.c

Commercial interests put customer security at risk, survey shows

Firms are bypassing security to push products and services into the market, increasing security risks for the organisation and its customers, a poll of information security professionals shows

More than one-third of organisations (34%) admit to bypassing security to get products out to market more quickly, a survey has revealed.

This is despite the fact that unpatched vulnerabilities accounted for 27% of breaches is 2018, according to Verizon’s Data Breach Investigations Report (DBIR).

The survey, of 300 information security professionals at the Infosecurity Europe conference in London by security firm Outpost24, also revealed that 64% of respondents believe their customers could easily be breached as a result of unpatched vulnerabilities in their organisation’s products and applications.

Also, 29% of respondents were not sure, or didn’t believe that their organisation’s products and applications would fare well if a security penetration test was carried out on them.

“Our study shows that despite continuous warnings, organisations are still leaving their customers at risk because of a failure to address security vulnerabilities in products before they are introduced to market,” said Bob Egner, vice-president at Outpost24.

“If organisations are not addressing these security vulnerabilities, they are taking a huge gamble and abusing customer trust.”

Negligence towards security will eventually lead to “disastrous outcomes” for technology and application suppliers and their customers, said Egner.

“There should be no excuses today, especially when security is such a big issue and so many breaches, which have happened up and down the technology stack, are well publicised,” he added.

The survey also revealed that although 92% of security professionals said their organisation believes it is important to carry out security testing on new products and applications, nearly two-fifths of organisations do not introduce security testing from the beginning of the product or application lifecycle.

Read more about vulnerability patching

“While many organisations seem to understand the importance of security testing, they are not necessarily putting it into practice,” said Egner.

“A combination of penetration testing and automated application scanning is a great way to unearth software vulnerabilities in products and applications, and organisations are advised to carry out the process continuously or at least before they put a product out to market.

“The aim is not to address every single vulnerability detected, but to understand which are the most dangerous to the business and its customers and then work to remediate them first.”

Read more on Hackers and cybercrime prevention

Data Center
Data Management