New Report Shows that One in Five Businesses Don’t Test for Security Vulnerabilities

Trustwave and Osterman Research Survey Reveals Top Trends in Security Testing and Vulnerability Management

CHICAGO - September 14, 2016 - Osterman Research and Trustwave today released a new report that shows many businesses fail to conduct frequent security testing despite believing that it's critically important to securing their systems and data. Shockingly, one in five businesses surveyed for the report admitted they don't do any security testing, despite the fact that 95 percent of survey respondents reported encountering one of the dozen common security issues associated with security vulnerabilities.

The report is based on an Osterman Research survey of 126 security professionals who have knowledge about or responsibility for security testing within their organizations. Security testing is the process of testing databases, networks and applications for vulnerabilities that could allow bad actors to penetrate them and steal sensitive or confidential information, encrypt data, disable intended functionality, or otherwise cause harm. The survey was sponsored by and conducted on behalf of cybersecurity and managed security services provider Trustwave.

Key findings from the "Security Testing Practices and Priorities: An Osterman Research Survey Report" include:

  • Most organizations are not proactive about security testing - Fewer than one in four organizations consider themselves to be "very proactive" in the context of security testing, while nearly one-half are "somewhat proactive." However, nearly one-third of organizations consider themselves "somewhat" to "very" reactive about security testing, or describe their security testing posture as "non-existent."
  • Many organizations do no security testing - One in five organizations has not conducted security testing of any kind during the past six months. Among those that do conduct security testing, 66 percent do so only monthly or less frequently, and most do not perform regular security testing after every infrastructure change. Most organizations conduct security testing using a combination of in-house resources and third-party testing services, although two in five organizations manage security testing only in-house.
  • Most organizations find security testing a valuable best practice - Despite the fact that many organizations do not perform security testing, two-thirds believe that security testing is a valuable best practice.
  • Security testing and reviews are infrequent and, in some cases, organizations are leaving it up to fate - Neither security testing nor reviews of these tests are commonplace: only 5 percent perform detailed reviews of security testing to assess vulnerabilities on a daily basis and only 24 percent do so weekly or multiple times during the week. Meanwhile, 25 percent of the organizations surveyed perform these reviews only quarterly or annually, and 20 percent do so only when they perceive the need, creating a situation where businesses are simply guessing when to test their systems.
  • Security skills shortage and testing challenges abound - Among the leading security testing challenges discovered in the survey, the most commonly cited are insufficient staffing, insufficient time with which to perform the security tests, and insufficient skills to support regular testing.
  • More than half of organizations are turning to third parties for help with security testing - To address these issues, a large proportion of those surveyed are open to the idea of using third parties, like managed security services providers, to perform security testing on their behalf. Thirty-five percent of those surveyed already partner with a third party for security testing, and another 21 percent plan to do so during the next year. Only 9 percent of those surveyed don't plan to use third-party security testing services.
  • No one is immune to cyber attacks - 95 percent of survey respondents reported encountering one of the dozen common security issues associated with security vulnerabilities that were listed in the survey.

"Emerging trends like shadow IT, mobility and Internet of Things make regular security testing more important than ever," said Kevin Overcash, Director of SpiderLabs at Trustwave. "This includes both automated security scanning, which will help uncover potential vulnerabilities and weak configurations, and in-depth penetration testing, which is designed to exploit vulnerabilities just like criminals would in the real world."

"This report should be a major wake-up call for businesses and government agencies that a new approach and strategy for security vulnerability testing is required to better fortify databases, networks and applications against data theft and breaches," said Michael Osterman of Osterman Research. "Organizations need to look at security testing more comprehensively and perform it more frequently. Increasingly, security-savvy organizations are turning to managed security services providers for help in this area."

DOWNLOAD REPORT

To download a complimentary copy of "Security Testing Practices and Priorities: An Osterman Research Survey Report," which includes recommendations, visit: https://www2.trustwave.com/2016-Security-Testing-Report.html.

METHODOLOGY

Osterman Research conducted this survey in July 2016 with 126 members of its survey panel. In order to qualify for the survey, respondents had to be knowledgeable about and/or responsible for security testing in their organizations. The mean number of employees at the organizations surveyed was just under 14,700. A wide range of industries were included in the survey. The survey was sponsored by and conducted on behalf of Trustwave. The survey has a margin of error of +/- 8.7 percent.

ABOUT TRUSTWAVE

Trustwave helps businesses fight cybercrime, protect data and reduce security risk. With cloud and managed security services, integrated technologies and a team of security experts, ethical hackers and researchers, Trustwave enables businesses to transform the way they manage their information security and compliance programs. More than three million businesses are enrolled in the Trustwave TrustKeeper® cloud platform, through which Trustwave delivers automated, efficient and cost-effective threat, vulnerability and compliance management. Trustwave is headquartered in Chicago, with customers in 96 countries. For more information about Trustwave, visit https://www.trustwave.com.

###

All trademarks used herein remain the property of their respective owners. Their use does not indicate or imply a relationship between Trustwave and the owners of such trademarks.
