The glaring headline in a ComputerWeekly.com post is that “Nearly a quarter of tech firms do not security check their products.”
The paper’s security editor, Warwick Ashford, wrote that nearly a quarter of organizations polled do not run security checks on products, and nearly a third admitted to shipping products with known security vulnerabilities.
Ashford’s article is based on key findings of a survey of 121 security professionals at the 2019 RSA Conference in San Francisco by cyber threat assessment firm Outpost24.
The article quotes Bob Egner, vice president of Outpost 24. In the article, he said, “These figures raise concerns about the priority that organizations are placing on security, especially when attempting to beat competition by rushing products to market,” said Bob Egner, vice-president of Outpost24.
“What many of the respondents are clearly forgetting is the damage security vulnerabilities can not only do to an organization’s customers, but also to brand and reputation,” he said.
According to Egner, if a company ships products, which are notoriously flawed with security vulnerabilities, they will not keep their customers for long and may ultimately face legal issues. “The value of beating competition can be lost or even reversed,” he said.
Survey respondents were also asked about when security was added into the development stages of products, with only 56% of respondents saying their organizations add security into the product development cycle at the very beginning, while 29% said they add it in the middle and 15% said they do it at the end.
“Any organization that is developing and marketing products should look to build security into the design stage, as the cost to correct them is documented to be smaller at an early stage of the development process,” said Egner.
“Taking a secure by design approach will mean security is built into the foundations of a product and will limit the cyber risks faced by users, which will ultimately increase customer satisfaction as well,” he said.
Leave a Reply