A Third of Security Pros Have Skipped Cyber-Safety Checks to Launch Products Faster
A survey of 300 security professionals has found that 34% admit to bypassing security checks to bring products to market faster.
The research was carried out by cyber assessment company Outpost24, which questioned attendees at the Infosecurity Europe Conference held in London in June of this year.
Worryingly, 64% of the security professionals surveyed were of the opinion that their customers could be affected by data breaches as a direct result of unpatched vulnerabilities in their organizations' products and applications.
Asked if the products their company is happy to sell to the public would stand up well under penetration testing, 29% of respondents said either that they weren't sure or that they didn't believe their organization’s products and applications would fare well if tested.
According to the survey results, an alarming number of organizations have the same attitude toward security testing as many people have toward flossing their teeth—they know they should do it, but rarely bother.
Despite 92% of security professionals agreeing that it is important to carry out security testing on new products and applications, 39% of them said that their organizations didn't introduce security testing from the beginning of the product or application lifecycle.
Bob Egner, VP at Outpost24, said: "Our study shows that even despite continuous warnings, organizations today are still leaving their customers at risk because of a failure to address security vulnerabilities in products before they are introduced to market. If organizations are not addressing these security vulnerabilities, they are taking a huge gamble and abusing customer trust."
Egner foresees a bleak future for companies whose greed blocks them from adequately checking for vulnerabilities in their products and resolving identified weaknesses before products are launched.
He said: “Negligence towards security will eventually lead to disastrous outcomes for technology and application vendors and their customers. There should be no excuses today, especially when security is such a big issue and so many breaches, which have happened up and down the technology stack, are well publicized.”
Egner advised organizations to save their reputations and be more considerate of their customers by unearthing software vulnerabilities in products and applications before they go on sale, using a combination of penetration testing and automated application scanning.
Source: Information Security Magazine