Posts tagged ‘Information security’

June 24, 2013

Detecting Application Vulnerabilities Is Important to Your Business

There is some interesting data in the 2013 Global Information Security Workforce Study that requires further examination. When asked about organizational priorities with respect to categories of outcomes to be avoided, the top five responses were damage to the organization’s reputation (83%), breach of laws and regulations (75%), service downtime (74%), customer privacy violations (71%) and customer identity theft or fraud (61%).

Looking beyond the raw numbers, it is clear that the organizational priorities are aligned with the priorities of IT security professionals, whose job it is to counter cyber-attacks.

Here is a link to the study.

June 18, 2013

Application Vulnerability Is the Top Concern for Information Security Professionals

The 2013 Global Information Security Workforce Study highlights security professionals’ concern about application vulnerabilities. Out of a choice of 12 vulnerabilities and threats, the top three selected by security professionals were application vulnerabilities (69% of respondents), malware (67% of respondents) and mobile devices (66% of respondents).
Here is a summary of other interesting findings from the report:
•    There has been a jump in concern relating to cloud-based services. In the 2011 survey, 43% of respondents had high concern related to cloud-based services. This number rose to 49% of respondents in 2013, reflecting increased adoption of cloud-based services.
•    C-Level executives tend to be more concerned about vulnerability categories than respondents who have other job titles. 72% of C-Level executives who were interviewed picked application vulnerabilities and 70% selected mobile devices. These figures are somewhat higher than those for other job categories.
•    Respondents in developing countries are more concerned than those in developed countries. The much higher concern reflects relatively less sophisticated cyber security defense mechanisms in developing countries.
•    Smaller companies tend to underestimate the different threat and vulnerability categories relative to larger companies. The authors of the report hypothesize that larger companies have more resources in place to examine threats (penetration testing, web application vulnerability scanners) and may therefore be more aware of potential risks.
•    Response data varied by industry. Companies in the financial industry, and also government entities, surpass those of other industries. This is largely attributed to the fact that these are bigger targets for hackers and organized criminals.

Here is a link to the study: https://www.isc2.org/uploadedFiles/(ISC)2_Public_Content/2013%20Global%20Information%20Security%20Workforce%20Study%20Feb%202013.pdf