<iframe src="//www.googletagmanager.com/ns.html?id=GTM-KXSCJR" height="0" width="0" style="display:none;visibility:hidden">

Is the Gap Between IT and Security Professionals the Real Root Cause of Breaches?

Audrey Sunu on Jul 11, 2016

We recently released a report, The Real Root Cause of Breaches, which revealed that there is a damaging divide between general IT professionals and specialized security professionals when it comes to perception and implementation of application security in enterprises. Check out the infographic below: 

great-divide-real-root-cause-report-infographic.png

 

Dive further into the data and you'll soon see that security and IT professionals are at odds in three major areas:

Immediacy of Updates

Security professionals know that today’s security solutions need constant and seemingly never-ending updates and patches to keep corporate data and applications secure against evolving threats. In fact, 82 percent of security pros say they update applications at least once a week, and 52 percent say they update applications at least once a day, or even multiple times a day. However, some IT professionals are running applications without updates for up to six months. This means for half a year IT professionals are allowing their applications to be vulnerable to attacks.

Tuning Existing Application Security Solutions

According to our report, 97 percent of security professionals spend up to 4 days of the week tuning existing application security solutions, versus 83 percent of IT professionals who only spend 2.5 days/week tuning existing application security solutions. This demonstrates that for security professionals, the release of an application does not mean the work is over, it really has just begun. And with limited hours in a day, the backlog of vulnerabilities builds up, which means for IT professionals the backlog is growing larger even quicker.

Acknowledging Backlogged Vulnerabilities

Nearly all (93 percent) security professionals report having up to 5,000 vulnerabilities in their backlogs. But IT professionals may be in the dark with nearly half reporting they have no vulnerability backlogs at all. It’s an alarming divide and it begs the questions: Do IT professionals have the same visibility as the security professionals? Do they have the same training or knowledge base?

Clearly, IT professionals are unaware of the depth of difficulties security professionals face on a daily basis. How do we as an industry work to close this divide and improve the security around applications? Check out our next blog post for some advice!

In the meantime, you can download the full report for free here. 


Back to blog





Audrey Sunu

Topics: Application Security, Vulnerability remediation, Information Technology, Security Research