Companies Spend More on Coffee Than Web App Security

Thursday, February 10, 2011



A recent report by the Ponemon Institute, Cenzic and Barracuda Networks has produced a startling statistic: eighty-eight percent of companies surveyed indicate they spend more on coffee than they do on securing Web applications.

In spite of this staggering revelation, seventy-four percent of the organizations surveyed still ranked Web application security as being equal to or more important than other security priorities.

Clearly, organizations are struggling with Web application security issues.

"While it is encouraging to see that Web application security is on the minds of most organizations, there still seems to be a real disconnect between the desire and implementation of security countermeasures required for Web application security," said Dr. Paul Judge of Barracuda Networks.

Other findings from the survey include:

  • 66 percent test less than 25 percent of their Web applications for vulnerabilities
  • 62 percent cited data protection as impetus for Web app security
  • 51 percent cited compliance as the top reason for securing Web apps
  • 51 percent listed compliance as a key driver for Web application security
  • 41 percent reported having over 100 Web applications

"The fact that 69 percent of respondents are relying upon network firewalls to secure Web applications is like relying upon a cardboard shield for protection in a sword fight – eventually your shield will prove that it's insufficient and an attack will reach you that can fly past a network firewall," Judge stated.


Naj Rellim No one believes hacking can happen to them. As a webmaster, time and time again site owners tell me "Oh, we are just a small operation. Hackers will never find us." And unfortunately those are the very sites upon which hackers thrive.