A recent study by the Ponemon Institute shared some telling findings about the state of application security, and the results showed a clear need for improvement.
Three of the study's key data points are enough to expose one of the application security problems at hand right away:
71% of executives believe application security training is available and up to date; only 20% of security personnel agree.
67% of executives think they have a mature application security program in place, versus 33% of security personnel.
75% of executives believe secure architecture standards exist in their organization, as opposed to 23% of security personnel.
What’s the first thing that stood out to you?
Before anything else, the actual level of security within these businesses is put into question. Executives clearly feel their application security is strong and in good standing, while the security personnel doing the work do not. It also reveals a huge disconnect between decision makers and staff on the true state of application security: the people who allocate the budget and the people who see the findings are working from different pictures.
That communication gap is a serious problem for the state of security in businesses overall; it is not the first time we have discussed the need for improvement in that area, and it probably won't be the last. Unless executives start listening to what their own staff say is wrong with the organization's security, the exposure to breaches and the backlog of unaddressed vulnerabilities will not change.
Other challenges to application security highlighted by the study include organizations having no defined set of security policies and requirements, and not identifying or measuring their risks. Furthermore, development teams are not measured on compliance with security regulations and standards. Finally, many businesses are not testing their application security at all (57% of companies, to be exact).
Improve communication: close the gap between top management and your security staff now.
Define your policies and standards, then train your teams and measure them against those standards.
Above all, test your application security now, and keep testing it. Patching alone is not enough, and neither is merely complying with a standard: a compliant application can still be vulnerable, and code changes, updates and new risks are always on the horizon.
What are you doing to change the status of your application security before it gets worse, before you get breached?
Photo courtesy of Tokyodcs