Ponemon Study Reveals Most Companies’ Websites are Unprotected
April 2010 by Imperva, WhiteHat Security and the Ponemon Institute
Imperva, WhiteHat Security and the Ponemon Institute announced the
results of their survey, “The State of Application Security,” which assessed the
data security risk of insecure websites. The survey found that most businesses,
despite having numerous mission-critical applications accessible via their websites,
fail to allocate sufficient financial and technical resources to secure and protect
Web applications, leaving corporate data vulnerable to theft.
According to the study, the majority of respondents believe that insecure Web
applications present the greatest threat to corporate data. However, 70 percent
noted that their organizations do not view application security as a strategic
initiative, nor did they believe their organizations had sufficient resources
specifically budgeted to Web application security to address the risk. The study
found that only 18 percent of IT security budgets were allocated to address the
threat posed by insecure Web applications, while 43 percent of IT security budgets
were allocated to network and host security, the areas respondents felt to be of
least concern.
The survey found that the vast majority of developers are too busy to respond to
website security issues.
Recommendations:
* You can’t secure what you don’t know you own – Inventory your Web
applications to gain visibility into what data is at risk and where attackers
can exploit the money or data transacted.
* Assign a champion – Designate someone who can own and drive data security
and is strongly empowered to direct numerous teams for support. Without
accountability, security and compliance will suffer.
* Don’t wait for developers to take charge of security – Deploy shielding
technologies to mitigate the risk of vulnerable Web applications.
* Shift budget from infrastructure to Web application security – With the
proper resource allocation, corporate risk can be dramatically reduced.
The Ponemon study surveyed 627 IT and IT security practitioners from more than
400 multinational enterprises and government organizations. For a copy of the
complete report, visit:
https://whitehatsec.market2lead.com/wt/lt.do?m2lc=359090588-12-1077824443