Despite the reputation-damaging headlines that appear after a data breach, and even as companies themselves acknowledge the significance of network security preparedness, 20 percent of businesses have gone at least six months without any testing for security vulnerabilities, according to a new report. In “Security Testing Practices and Priorities,” Osterman Research and compliance solutions provider Trustwave found that, even among the one-fifth that do test, 66 percent do so only monthly or less frequently, and most do not perform regular security testing after every infrastructure change. Nearly 70 percent consider security testing a best practice, yet nearly one-third of organizations describe their testing posture as reactive rather than proactive, or concede that it is simply non-existent.
“This report should be a major wake-up call for businesses and government agencies that a new approach and strategy for security vulnerability testing is required to better fortify databases, networks and applications against data theft and breaches,” said Michael Osterman of Osterman Research. “Organizations need to look at security testing more comprehensively and perform it more frequently. Increasingly, security-savvy organizations are turning to managed security services providers for help in this area.”
According to the report, five percent of businesses perform daily reviews to assess vulnerabilities and 24 percent do so at least weekly. One quarter of organizations perform security reviews quarterly or annually and 20 percent do so only when they perceive the need.