Lack of awareness remains the biggest issue for cyber security


November 22, 2013

To get a true sense of how serious the problem of cyber security breaches has become, it may only require a quick look at trends from the past decade.

As the initial dot-com phase transitioned into a business world dominated by mobile devices, anywhere-access, real-time communications and dozens of products and solutions businesses now need to stay competitive, new threats have emerged.

According to Drazen Drazic, managing director at security solutions company Securus Global, businesses have been quick to adopt these technologies with high hopes of strong ROI, and in many cases this has been a success. But unfortunately, for all the time spent investing in new technology, many companies have equally neglected strong cyber security.

However, Mr Drazic asserted it's uncommon for businesses to make the conscious decision to put cyber security on the backburner. Most often, it comes down to a lack of awareness of just how common – and damaging – security breaches are.

How penetration testing can help

Mr Drazic stated Securus Global, which performs penetration testing for companies, has found companies aren't keeping up with the quickly changing times.

"All these things that weren't around 10 years ago – social media, cloud services, new operating systems, mobile technologies – come with new sets of security issues that organisations need to consider and get their head around," Mr Drazic stated.

"But we're not seeing better security in 2013. Well over 95 per cent of the websites and web applications we test for the first time have major-to-critical security vulnerabilities. It's a pretty scary statistic."

Sadly, most businesses won't take cyber security seriously until they realize first hand how detrimental a breach can be. Penetration testing has, on countless occasions, opened businesses' eyes up to the realities of cyber threats.

Assumptions are dangerous

Mr Drazic noted that one of the biggest barriers to improving cyber security is assuming the right protection is built into systems.

It's unlikely to find a business that will build or buy a product that openly offers poor security. The problems arise when a company assumes all systems in the 21st century are inherently hack-proof.

"Companies are making the assumption that because something is in production, developers should know what they're doing, and what they'll be getting in the end is secure," he said.

"Unfortunately that doesn't marry up to the reality of what we see out there."

For the state of cyber security to improve, it will require businesses to accept that with every new solution, there will likely be a security concern that must be addressed – and this will only continue as new technologies arise.

Leave a Reply

Your email address will not be published. Required fields are marked *