When it comes to priorities, getting a product out the door often takes precedence over security. And this “need to go-live now” mentality may be negatively affecting a company’s cyber security. Recently, the Department of Homeland Security indicated that “it is estimated that 90 percent of reported security incidents result from exploits against defects in the design or code of software”.
What does this mean for most companies? Well, you may be potentially exposing sensitive data and processes to breaches or hackers due to vulnerabilities in your system. Everyone has heard about major breaches at Target and other large corporations. While most companies have the mentality that “it can’t happen to me”, they could experience breaches at nearly any time.
Where Cyber Security is Falling Down
Companies typically focus a lot on network security, but the real threats are actually happening at the application stack according to a recent report from Cisco. The use and availability of “off-the-shelf” options are exasperating the problem. Open source and even SaaS applications can increase the vulnerabilities a system. Many programmers are no longer writing all of their own code and are borrowing a certain amount of it from other programs or open source platforms.
Add to this to the fact that most security testing doesn’t happen until the end of the process – if it even happens at all. This lack of testing is putting more and more personally identifiable information (PII) at risk for being compromised.
What Needs to Happen
According to the SANS Institute “2015 State of Application Security: Closing the Gap”, the most important way to reduce breaches is to have software developers and development organizations, and security and operations teams align more closely and work together.
Most of these people don’t really understand the other person’s job. Developers are only now becoming aware of the potentially security risks due to the recent string of high-profile breaches. On the other hand, security teams need to understand the time-constraints that the developers live under.
Security testing also needs to happen throughout the process – without actually slowing down the development cycle and causing deadlines to be missed. Plus, developers need to be taught how to write secure code.
If a company doesn’t have the resources to perform their own cyber security testing internally, they should outsource with a company that can keep up with software development lifecycle demands. iBeta works with your internal terms to perform testing without slowing down the process. Learn more now.