Sister CISA CISSP

Apr 26 2010   4:29PM GMT

Paying Attention To Statistics



Posted by: Arian Eigen Heald
Tags: Data Breaches, Database security

We get a lot of information about what security issues are important from various sources on the Internet. Most of them we know about from one source or another.

But here’s one that jumped right out at me:

According to the Privacy Rights Organization, of the top 10 data breaches in 2009, 93 percent of compromised records were stolen as a result of malicious or criminal attacks against Web applications and databases.

This tells us where we are still vulnerable – web-facing applications, and the databases they talk to. For many medium to large organizations, keeping up with maintaining web applications through OS patches, application upgrades and database patches is more than a full-time job.

It’s time to focus on those applications, and the people who develop them. In the “rush to market” mindset, security is a very low priority. This is where the problem begins. Sooner or later, customers are going to take their money elsewhere. But right now, companies are still content to put up applications without adequate testing.

It’s a matter of where the budget goes, isn’t it?

“Most of the largest and recent data breaches to date have been a result of attacks against Web applications,” explained Jeremiah Grossman, WhiteHat founder and CTO. “To address today’s real cyber threats, companies must shift their security strategy – and budgets – from being predominately infrastructure-based and prioritize the data and applications directly.”

Time to do some redirection – looked at your web-facing apps lately? Checked your databases? How many applications are still using an ID that gives way too much access by default?
