Organisations rarely test for vulnerabilities

Despite it being considered best practice for improving security posture.

Are you conducting regular tests for cyber-vulnerabilities in your company? If not, you're not alone. A significant number of organisations are not doing it, despite the fact that it is considered one of the best ways to keep an organisation safe from cyber-attacks.

This information was published in a new report by Osterman Research and Trustwave, based on a survey of 126 security professionals.  The report describes security testing as ‘the process of testing databases, networks and applications for vulnerabilities that could allow bad actors to penetrate them and steal sensitive or confidential information, encrypt data, disable intended functionality, or otherwise cause harm’. 

Almost a third of polled companies said they’re either completely or somewhat reactive to security threats. They also said their security posture is ‘non-existent’. A fifth of organisations haven’t done a security test in the past six months, while 66 per cent do it once a month, or even less frequently.

Most don’t test their security posture after every infrastructure change. Despite many leaving everything to fate, most organisations still consider security testing best practice.  

"Emerging trends like shadow IT, mobility and Internet of Things make regular security testing more important than ever," said Kevin Overcash, Director of SpiderLabs at Trustwave.  

"This includes both automated security scanning, which will help uncover potential vulnerabilities and weak configurations, and in-depth penetration testing, which is designed to exploit vulnerabilities just like criminals would in the real world." 

It is extremely important for organisations to know that cyber-attacks are not something that usually happens to someone else. Almost all respondents (95 per cent) said they had at least one common security issue.
