Mexico. Westcon-Comstor's business unit, one of the leading Cisco technology wholesalers, says companies are not yet planning their digital protection strategies with risks in mind.
Security is one of the most discussed topics in IT. However, each new study of the sector reveals an intriguing reality: despite the abundance of information on alerts and vulnerabilities, companies still do not plan their digital protection strategies with risks in mind.
A recent study by White Hat, a Web security company, revealed that, even after countless warnings about the dangers of application vulnerabilities, for example, companies still do not have a systematic process that prioritizes the containment of security risks in this area.
The report, which gathers annual data on Web security, showed that, in addition to the lack of plans for containing application risks, it can take companies months or even years to communicate most vulnerabilities to all sectors of the organization. Likewise, it also takes a long time to establish measures that prevent further similar attacks or keep them from opening the way to a number of other security problems.
To get an idea of the risk, the White Hat paper shows that about a third of insurance applications, nearly 40% of banking or financial services applications, and half of retail applications, for example, are always vulnerable, and that the number of breaches in those applications has grown significantly. Meanwhile, application security is not improving at the same rate as attacks.
Companies have taken, on average, 150 days to fix vulnerabilities, but only a significant portion of them are corrected. In addition, fixing a vulnerability after a breach reaches systems can take, on average, 2 to 5 years.
What does this mean?
Specialists interpret this data with concern: if critical and high-risk vulnerabilities already known to companies are not corrected quickly, what can be expected from new threats? The delayed response time in detecting and containing breaches means that companies are increasingly exposed and that they do not yet have a plan that defines Web security priorities based on the systematic risk of those vulnerabilities.
The recommendation is that organizations carry out a better security assessment, focused on building strategies and remediation that take the software lifecycle into account.
Another statistical study, conducted by Akamai, a U.S. Internet company, showed a more than 20% increase in attacks on Web applications, especially attacks on HTTPS Web applications, which rose almost 234%. Interestingly, there was also a huge increase in SQL injection attacks, with an 87.3% jump in that area.
Since corporate environments are increasingly oriented toward greater connectivity, there is a clear need to adapt the security infrastructure, which includes attention to the growing number and diversity of devices that will be connected, as well as the applications and integration points in those networks.
Companies therefore need to focus on defining protection policies and using monitoring, bringing together the countless types of products available to build a security architecture. Without that, with no security plan of any kind and no containment of those threats, criminals will have an open field to commit crimes.


