One in Seven Australian Businesses Doesn’t Test for Security Vulnerabilities: New Trustwave Report

Trustwave Research Survey Reveals Top Trends in Security Testing and Vulnerability Management

SYDNEY - Nov 30, 2016 - Trustwave today released a new report that shows many Australian businesses fail to conduct frequent security testing despite believing that it's critical to securing their systems and data. Lamentably, one in seven businesses surveyed admitted they don't do any security testing in spite of all respondents having encountered one of the dozen common security issues associated with security vulnerabilities.

The report is based on a survey of 200 security professionals who have knowledge about or responsibility for security testing within their organisations. Security testing is the process of testing databases, networks and applications for vulnerabilities that could allow bad actors to penetrate them and steal sensitive or confidential information, encrypt data, disable intended functionality, or otherwise cause harm.

Key findings from the " Australian Security Testing Practices and Priorities: A Trustwave Survey Report" include:

•  
• Most organisations are not proactive about security testing - Two in five organisations consider themselves to be "very proactive" in the context of security testing while another two in five are "somewhat proactive." However, nearly one in five organisations considers themselves "somewhat" to "very" reactive about security testing, or that their security testing posture is "non-existent."
•  
• Many organisations do no security testing - One in seven organisations has not conducted security testing of any kind during the past six months. Among those that do conduct security testing, 39 percent do so only monthly or less frequently, and many do not perform regular security testing after every infrastructure change. Nearly half of the organisations conduct security testing using a combination of in-house resources and third-party testing services, while just over one-third conduct security testing only in-house.
•  
• Many organisations find security testing a valuable best practice - Despite the fact that many organisations do not perform security testing, nearly 50 percent believe that security testing is a valuable best practice.
•  
• Security testing and reviews are infrequent and, in some cases, organisations are leaving it up to fate - Both security testing and reviews of these tests are not commonplace: only 14 percent perform detailed reviews of security testing to assess vulnerabilities on a daily basis and only 41 percent do so weekly or multiple times during the week. Meanwhile, 11 percent of the organisations surveyed perform these reviews only quarterly or annually, and 8 percent do so only when they perceive the need, creating a situation where businesses are simply guessing when to test their systems.
•  
• Security skills shortage and testing challenges abound - Among the leading security testing challenges discovered in the survey, the most commonly cited are inadequate staffing, insufficient budget and the shortage of skills to support regular testing.
•  
• Nearly one-third of organisations are turning to third parties for help with security testing - To address these issues, a large proportion of those surveyed are open to the idea of using third parties, like managed security services providers, to perform security testing on their behalf. Twenty-eight percent of those surveyed already do partner with a third-party for security testing, and another 38 percent plan to do so during the next year. Only 10 percent of those surveyed don't plan to use third-party security testing services.
•  
• No one is immune to cyber attacks - All respondents reported encountering one of the dozen common security issues associated with security vulnerabilities that were listed in the survey.

"Escalating cyber crime combined with the adoption of emerging technologies like mobility and Internet of Things as core business imperatives make regular security testing more important than ever," said Michael Gianarakis, Director, Asia Pacific, SpiderLabs at Trustwave. "Organisations need to look at both automated security scanning and in-depth penetration testing to identify where they're vulnerable and take preventative measures."

Download Report

To download a complimentary copy of "Australian Security Testing Practices and Priorities: A Trustwave Survey Report" which includes recommendations, visit: https://www.trustwave.com/en-us/resources/library/documents/australian-security-testing-practices-and-priorities/

Methodology

Trustwave conducted this survey in October 2016 with 200 Australian respondents. To qualify for the survey, respondents had to be knowledgeable about and/or responsible for security testing in their organisations. The mean number of employees at the organisations surveyed was 1,439. A wide range of industries was included in the survey. The survey has a margin of error of +/- 8.7 percent.

About Trustwave

Trustwave helps businesses fight cybercrime, protect data and reduce security risk. With cloud and managed security services, integrated technologies and a team of security experts, ethical hackers and researchers, Trustwave enables businesses to transform the way they manage their information security and compliance programs. More than three million businesses are enrolled in the Trustwave TrustKeeper^® cloud platform, through which Trustwave delivers automated, efficient and cost-effective threat, vulnerability and compliance management. Trustwave is headquartered in Chicago, with customers in 96 countries. For more information about Trustwave, visit https://www.trustwave.com.

###

All trademarks used herein remain the property of their respective owners. Their use does not indicate or imply a relationship between Trustwave and the owners of such trademarks.