One in five US businesses doesn’t conduct regular security tests and reviews, even though they understand their importance to data and infrastructure safety, Osterman Research found.
The report is based on interviews with 126 security professionals in charge of security testing. The focus was to explore the most important trends in security testing and vulnerability management. This is an extensive investigation into vulnerabilities in databases, networks and applications that could create a backdoor for hackers to shut down the system or steal confidential information.
Surprisingly, the survey revealed that organizations are not at all proactive when it comes to security testing, and some 66 percent have barely had such initiatives in the past six months.
Some 95 percent of respondents confirmed they’ve dealt with at least one security issue as a consequence of vulnerabilities in their network. Among the top three attacks on organizations are phishing or social engineering (71%), malware infiltration (59%) and DDoS (28%). Unknowingly, businesses constantly expose themselves to risks yet leave security to chance.
“It is important to note the fairly significant drop-off between network testing and other types of testing and the vulnerabilities this can create in an organization,” reads the report. “Since corporate applications, databases and mobile apps serve as gateways to sensitive data, such as email stores and customer information, it is imperative that all potential areas of vulnerability be tested.”
However, some businesses do conduct security testing once in a while, mostly through in-house and third-party services. Since as few as 4 percent conduct such tests two to three times per week, the report concludes businesses lack a proper strategy, preferring to guess whether they should run security tests or not.
Another reason for not running regular security tests is a lack of trained staff to take charge of these measures, 51 percent claimed. A lack of time dedicated to such tasks was cited by 43 percent. Given that cyberattacks are right around the corner, it is imperative that businesses invest in thorough training for their employees to prevent vulnerability to outside threats, and to act responsibly and make security a top priority.