Sleep tight! A recent survey found that half of companies had been hacked within the past year, oftentimes with “severe financial consequences.” Here with the breakdown is PCAdvisor.com:
The study, sponsored by Coverity, also found the IT professionals willing to admit their organizations were facing various types of difficulties that contributed to their Web application security problems. Among these were:
- Can’t keep pace with the volume of code they produce. Here, the IT professionals cited the competitive need to keep up with delivery of “products, services and new engagement models” needed for success and profitability of the business, saying this need has put the app-dev teams “under intense pressure to increase their delivery speed.”
- Struggle to build the business case for additional funding. Fully 71% of the respondents that suffered at least one data breach said they felt they didn’t have enough funding to invest in application security technologies and processes.
- Lack of adequate tools. About three-quarters suffering a data breach said they likely didn’t have the right tools for application security.
The Forrester survey also asked the respondents for detail on specific security problems that had raised their risk of suffering a data breach.
Default password accounts, SQL injection-related vulnerabilities and security misconfigurations were cited most frequently. For those organizations that had suffered five to 10 incidents since 2011, SQL injection topped the list.
Of the points listed above, I found the “can’t keep up with code” item to be the most thought-provoking. Perhaps the agile methodology lends itself to software that is vulnerable to common attacks….
What surprised you most about this survey? Let us know in the comments section.