Is the Gap Between IT and Security Professionals the Real Root Cause of Breaches?

Audrey Sunu on Jul 11, 2016

We recently released a report, The Real Root Cause of Breaches, which revealed a damaging divide between general IT professionals and specialized security professionals in how they perceive and implement application security in enterprises. Check out the infographic below:



Dive further into the data and you'll soon see that security and IT professionals are at odds in three major areas:

Immediacy of Updates

Security professionals know that today's security solutions need constant, seemingly never-ending updates and patches to keep corporate data and applications secure against evolving threats. In fact, 82 percent of security pros say they update applications at least once a week, and 52 percent say they update applications at least once a day, or even multiple times a day. However, some IT professionals are running applications without updates for up to six months. This means that for half a year those IT professionals are leaving their applications vulnerable to attacks.

Tuning Existing Application Security Solutions

According to our report, 97 percent of security professionals spend up to 4 days a week tuning existing application security solutions, versus 83 percent of IT professionals who spend only 2.5 days a week on the same task. This demonstrates that for security professionals, the release of an application does not mean the work is over; it has really just begun. And with limited hours in a day, the backlog of vulnerabilities builds up, which means that for IT professionals, who spend less time tuning, the backlog grows even faster.

Acknowledging Backlogged Vulnerabilities

Nearly all (93 percent) security professionals report having up to 5,000 vulnerabilities in their backlogs. But IT professionals may be in the dark, with nearly half reporting that they have no vulnerability backlog at all. It's an alarming divide, and it raises the questions: Do IT professionals have the same visibility as the security professionals? Do they have the same training or knowledge base?

Clearly, IT professionals are unaware of the depth of difficulties security professionals face on a daily basis. How do we as an industry work to close this divide and improve the security around applications? Check out our next blog post for some advice!

In the meantime, you can download the full report for free here.

