IT Governance, the leading provider of cyber risk and privacy management solutions, has released the results of its first Web Application Attack Survey, which examines how information security professionals across a wide range of industries protect their applications. The survey reveals the most common reasons that organisations secure applications, and the frequency and types of web application testing that they employ. It also highlights the level of risk faced by organisations, with 37% of respondents reporting that their web application(s) had been compromised in the past 12 months.
Alan Calder, founder and executive chairman of IT Governance, said: “The increasing number of cyber attacks combined with stringent legal and regulatory compliance requirements demand that organisations take cyber security seriously. Whether through social engineering or malware-as-a-service, we have seen cyber criminals employ a wide range of tactics to exploit code-level vulnerabilities in web applications and thwart authentication mechanisms.
Top security risk
“We recognise that web applications are a top security risk. While most organisations are under the impression that security is about ensuring web developers and staff do their jobs, keeping data secure is ultimately the responsibility of the whole organisation, and it is up to the organisation to make sure measures are in place to spot vulnerabilities before it’s too late. Penetration testing is a vital part of a strong defence and can be less costly than most think.”
Not mature enough
The report also examines how information security professionals across a wide range of industries protect their applications. Less than half of web applications are tested for vulnerabilities, with only a quarter of respondents saying that they test more than 75% of their applications. These findings are a clear signal that the testing approach taken by organisations is often not mature enough to support today’s complex IT operations.
Testing IT Governance
To simplify security testing, IT Governance uses a tailored approach to ensure the security testing meets the maturity and expectations of the organisation. IT Governance’s security tests are performed by CREST-accredited security testers, who leverage their diverse knowledge of penetration and vulnerability testing and the associated security challenges to deliver accurate results.