Apr 26 2010   4:29PM GMT

Paying Attention To Statistics

Arian Eigen Heald

We get a lot of information about what security issues are important from various sources on the Internet. Most of them we know about from one source or another.

But here’s one that jumped right out at me:

According to the Privacy Rights Organization, of the top 10 data breaches in 2009, 93 percent of compromised records were stolen as a result of malicious or criminal attacks against Web applications and databases.

This tells us where we are still vulnerable – web-facing applications, and the databases they talk to. For many medium to large organizations, keeping up with maintaining web applications through OS patches, application upgrades and database patches is more than a full-time job.

It’s time to focus on those applications, and the people who develop them. In the “rush to market” mindset, security is a very low priority. This is where the problem begins. Sooner or later, customers are going to take their money elsewhere. But right now, companies are still content to put up applications without adequate testing.

It’s a matter of where the budget goes, isn’t it?

“Most of the largest and recent data breaches to date have been a result of attacks against Web applications,” explained Jeremiah Grossman, WhiteHat founder and CTO. “To address today’s real cyber threats, companies must shift their security strategy – and budgets – from being predominately infrastructure-based and prioritize the data and applications directly.”

Time to do some redirection – looked at your web-facing apps lately? Checked your databases? How many applications are still using an ID that gives way too much access by default?
