Imagine you are newly married and you and your spouse are looking for new home to build and raise your family. You spend time pouring over real estate books, websites, and talking with your friends. After considerable time and research you settle into a cozy three bedroom home within 15 minutes of your office. You begin to love your neighborhood but as you meet with your new neighbors you discover an alarming trend. Within the past 6 months 13% of the homes in the neighborhood experienced a major safety or security issue such as a fire, break in, or someone redirected their mail to a foreign address. You wonder if these people are unlucky or have you moved into a bad neighborhood. When you share your findings with your spouse they respond with "I'm sure we're fine! Let's, twice a year, make sure the doors are locked at night and take the fire extinguisher out of the closet."
You may find this illustration silly but it reflects how IT managers respond to their web security.
Recently IDG Connect, the world’s largest technology media company, produced a report on corporate web security and found some interesting findings. The study revealed that IT managers often operate with a baseless sense of optimism within a landscape dotted with threats. When asked about how they feel about their web security they said (0% not secure, 15% reasonably secure, 55% very secure, 19% totally secure, & 11% were not sure).
When comparing large companies against their mid-sized counterparts the study found that they tested for vulnerabilities on a monthly basis 53% of the time vs. 13%. Interestingly the study also found that rate of not testing at all was highly discouraging with the size of the business having little bearing on rate (Large 30% vs. Medium 34%).
Of the IT Managers interviewed 13% stated they experienced a breach within the last 6 months. These threats include everything ranging from brute force attacks (59%) to content spoofing (18%). Despite the optimism of the 89% that their websites were reasonably to totally secure these security issues persist. Would they not try to better protect their home if 13% of the homes in their neighborhood had their door kicked in every 6 months? Would they continue to eat at a local restaurant if 13% of the regular guests came down with food poisoning twice a year?
Of the companies that experienced a breach there were four main ways they improved their security in order of frequency:
- Improved SSL protection
- Improved security software
- Improved firewall
- Outsourcing web hosting
If you want your confidence in your web security to be well founded then I recommend testing your website for vulnerabilities once a month at a minimum as well as ensure your security software is up to date and operates with minimal system interference. For more information I recommend downloading the report: https://forms.ws.symantec.com/cgi-bin/go.cgi?a=ILVE4-2175-01-26