Time and time again we have seen breaches in security cost companies a lot of money, and in many cases cause serious damage to their reputation as well.
Before talking about breaches, it’s best to first understand how and why they happen. A breach is often the result of a vulnerability, which hackers exploit to get into a system and then access sensitive data.
Read text transcript of this video
How big of a problem are vulnerabilities? Research from IDC shows that security spending is expected to grow nearly 10% in the coming 3 years. Growth is being driven by cloud security gateways (CSGs), web application firewalls (WAFs), and innovation in classic web content security/URL filtering solutions.
Another recent report has found that a web app typically contains 33 vulnerabilities, six of which are classified as high severity. Alarmingly, the prevalence of vulnerabilities is growing. Compared to 2017, the number of critical vulnerabilities per web application has increased by 3 times.
In 19% of web applications, an attacker can exploit a vulnerability to take control of it. They can also take over the server OS to penetrate further into the internal corporate network, potentially casting a wider net of what information they can access and steal.
Nowadays, most (91%) web applications store and process personal data. In 18% of cases, an attacker can obtain account credentials and personal data, which can extend to include those for third parties.
Mobile apps are also highly susceptible to security exploits. Up to 95% have small issues, 45% high risk, and 35% critical.
Typically most businesses are solving this problem by organising security testing at the end of the lifecycle (penetration testing etc.), and the problem with this is that most issues can be attributed to insecure data storage (76%), insecure transfer of sensitive data (35%) or incorrect usage of session expiration (35%), which are issues that should be tackled right from the start of the development cycle.
Top 4 digital security statistics and trends infographic
In fact, research is saying that configuration changes are often enough to solve 17% of shortcomings, as most are of low severity. Even if coding errors are to blame for most vulnerabilities, particularly critical issues, which require modifications to code, those errors could easily be avoided from the start.
What would happen to your company, knowing that hackers don’t even need physical access to the device to exploit these vulnerabilities? Malware can be used in 89% of cases to gain access to user data and send it back to hackers.
And 29% of apps are said to have high-risk vulnerabilities in the form of insecure inter-process communication. When exploited, hackers can remotely access the data processed within the app.
As more company apps and data move to the Cloud, adequate security measures are critical for protecting these valuable assets. What if there was a way to - aside from preventing breaches - doing security right, and thus enhancing your business agility and lowering the time to market, as well as build confidence and trust with your customers?
At Planit, we focus on quality assurance, so we approach security from a quality perspective. To that end, we’ve developed security services that can provide you with security assurance along all stages of your product development, not just after it’s been deployed.
You too can gain valuable insights into your cybersecurity position through meaningful metrics around your technology and business processes. Find out how we can help you secure your systems and protect your important data starting today.