Survey Says Corporations Don't Trust Web Applications Security

Oct 16, 2007 4:26 PM



Cenzic Inc., a provider of application security vulnerability assessment and risk management solutions, and Executive Alliance have released the results of a study that examines the state of application security entitled "The Voice of IT Leadership on Web Security: 2007." The survey focuses on security issues and insights affecting the C-level executive, with the results reflecting responses from 476 information security professionals.

The survey uncovered that among executives there is a general lack of confidence in current solutions and methods protecting companies from being hacked, with half of respondents either partially or not at all confident that their current application security methods and solutions can protect their organization's Web site from hackers.

"This survey confirms what we've heard from our customers, that most corporations don't trust that their Web applications are secure," says John Weinschenk, CEO and president of Cenzic. "Companies are struggling to protect their Web applications and they are anxiously working to stay one step ahead of hackers whose efforts become more sophisticated with each attack. Cenzic's role is to provide the software and services that help companies automate the security process and ultimately keep their applications and data secure."

The highlights from the survey point out some disconcerting trends within the industry. Although the majority of C-level executives are aware that security initiatives are needed within their organization, the bulk of organizations surveyed do not have the resources or budget to do a more thorough job of continuously testing their applications, making them susceptible to various forms of malicious hack attacks and cybercrime.

Other key findings in the study include:
* Data breach is cited as the highest-priority application security risk in 2007. Identity theft, data breaches, unauthorized access and downed Web sites are the key security risks that security professionals cited as their highest priority to stop.
* More than half of the respondents fear losing their job if there is a security breach.
* Confidence is low that senior management or board of directors understand the costs and liabilities in case of a Web site hacking. Less than 19 percent of respondents are confident that their senior management and board of directors truly understand the costs, losses and other implications associated with a Web application security breach.
* Almost 60 percent of respondents dedicate less than 10 hours per week to securing their Web applications. Less than 20 percent of organizations have an employee dedicated to the task of securing their applications.
* Only approximately 10 percent of respondents classify their testing of Web applications in pre-deployment as "excellent."
* Forty-four percent of respondents cite customers' confidential information loss as posing the biggest financial problem for an organization.
* More than half of respondents say Web application security awareness training is a priority. However, 43 percent of respondents agree that there is not adequate funding for training within their organizations.

The intent of the survey was to examine the issues facing security professionals and their organizations, to evaluate perceived preparedness, to understand approaches and concerns and to assess the current and future state of the evolving threat environment. For a copy of the complete survey, visit www.cenzic.com/sur.

© 2012 Penton Media Inc.
