ONE IN FIVE BUSINESSES DO NOT TEST FOR SECURITY VULNERABILITIES
A fifth of businesses do not regularly test their systems for security vulnerabilities, according to a new report.
One in five organisations surveyed by Osterman Research and Trustwave said they do not do any security testing, despite its importance in staying secure.
95 per cent of those surveyed reported encountering one of the dozen common security issues related to vulnerabilities, making it even more surprising that so many fail to test.
By failing to check their databases, networks and applications for such flaws, they are missing opportunities to make it more difficult for attackers to cause harm to their businesses.
Fewer than a quarter of firms consider themselves to be “very proactive” in security testing, with a third calling themselves “somewhat” or “very” reactive or doing no testing at all.
One in five of the organisations questioned had done no security testing in the last six months, while two thirds of those who had done testing do it only monthly or even less frequently. Most do not perform regular security testing after every infrastructure change.
Despite so many failing to test, or doing it infrequently, two thirds of businesses said they believe security testing to be a valuable best practice.
Among the most common barriers to more frequent testing were insufficient staffing, insufficient time and insufficient skills – a symptom of the cyber security skills crisis.
As such, more than half of organisations are turning to third parties to help with security testing, while 21 per cent plan to do so within the next year.
“This report should be a major wake-up call for businesses and government agencies that a new approach and strategy for security vulnerability testing is required to better fortify databases, networks and applications against data theft and breaches,” said Michael Osterman of Osterman Research.
“Organisations need to look at security testing more comprehensively and perform it more frequently. Increasingly, security-savvy organisations are turning to managed security services providers for help in this area.”