We get a lot of information about which security issues are important from various sources on the Internet. Most of these issues we already know about from one source or another.
But here’s one that jumped right out at me:
According to the Privacy Rights Organization, of the top 10 data breaches in 2009, 93 percent of compromised records were stolen as a result of malicious or criminal attacks against Web applications and databases.
This tells us where we are still vulnerable – web-facing applications, and the databases they talk to. For many medium to large organizations, keeping web applications maintained through OS patches, application upgrades and database patches is more than a full-time job.
It’s time to focus on those applications, and the people who develop them. In the “rush to market” mindset, security is a very low priority. This is where the problem begins. Sooner or later, customers are going to take their money elsewhere. But right now, companies are still content to put up applications without adequate testing.
It’s a matter of where the budget goes, isn’t it?
“Most of the largest and recent data breaches to date have been a result of attacks against Web applications,” explained Jeremiah Grossman, WhiteHat founder and CTO. “To address today’s real cyber threats, companies must shift their security strategy – and budgets – from being predominately infrastructure-based and prioritize the data and applications directly.”
Time to do some redirection – have you looked at your web-facing apps lately? Checked your databases? How many applications are still using an ID that gives way too much access by default?