Information Security News mailing list archives

Previous By Date Next
Previous By Thread Next

Why the state of application security is not so healthy

From: InfoSec News <alerts () infosecnews org>
Date: Tue, 24 Sep 2013 08:19:05 +0000 (UTC)
http://www.csoonline.com/article/740164/why-the-state-of-application-security-is-not-so-healthy

By George V. Hulme
CSO Online
September 23, 2013
Application security is an alarming and persistent problem: Nearly one-third of all breaches can be attributed to attacks against web applications, and both web application and database attacks account for most records breached every year. That's according to the Verizon 2013 Data Breach Investigations Report, which looked at 47,000 reported security incidents and 621 confirmed data breaches during the year prior to the report.
Web applications – because they are so easy to exploit and provide access into enterprise data – have long been top targets of attackers. That's why it's so surprising, or at least disappointing, that so many organizations pay application security such little attention.
For instance, our 2012 Global Information Security Survey, which was conducted by CSO and CIO magazines and PricewaterhouseCoopers and asked 12,052 business and technology executives about their organizations' security efforts. The survey found that only 35 percent of those questioned actually include application security in their internal security policies.
Fortunately, not every company is so lax. Consider Menlo Park, CA-based medical image sharing startup Image32. Founded in 2011, Image32 aims to help ease patient and doctor pain when it comes to sharing medical images such as X-Rays, CT Scans, and MRIs. "If all of your care takes place within the same hospital building, sharing these images among doctors is typically no trouble at all," says Image32 founder and CEO Bob Pellican. "However, because of security concerns, once a patient goes to another medical building, they will most likely need to copy all of their images to a CD or DVD and carry them around from specialist to specialist," he says. 

[...]


--
Find the best InfoSec talent without breaking your
recruiting budget! Post a Job, $99 for 31 days.
Hot InfoSec Jobs - http://www.hotinfosecjobs.com/
Previous By Date Next
Previous By Thread Next

Current thread: