Follow this blog:: RSS; Email Alert

IT Security

Infographic: How cyber-secure are public companies?

May 9, 2012, 9:00 AM PDT

Takeaway: This infographic presents some less-than-stellar numbers illustrating how well public companies are securing their web applications.

The infographic below, courtesy of Veracode, presents a pretty sobering look at how well public companies are doing with cybersecurity — breaking down the most popular attack vectors and the type of exploits that have been the most successful. The graphic is based on Veracode’s “Study of Software Related Cybersecurity Risks in Public Companies” which you download by following the link (requires registration).

Using the Open Web Application Security Project’s (OWASP) top 10 critical flaws of web apps to measure against, 84% of companies’ web apps were deemed unacceptable. The data collected for this report came from 126 public companies over the last 18 months.

Get IT Tips, news, and reviews delivered directly to your inbox by subscribing to TechRepublic’s free newsletters.

About Selena Frye

Selena Frye is a Senior Editor at TechRepublic.

Preparing for the DNSChanger Internet outage

Malware poses as software updates: Why the FBI is warning travelers

Comments

Add Your Opinion

Join the conversation!

Follow via:: RSS; Email Alert

See All Comments

Staff Picks
Top Rated
Most Recent
My Contacts

No messages found

0 Votes

+ -

Since when, exactly, has government run like a business?

JJMach Updated - 11th May 2012

(Quick note: by "public" I think the author meant "publicly traded," not government owned. Now onto my screed.)

Government removes the profit motive (so you can drop the latter half of your quote) and, largely, the consequences of their (in)action.

At least public companies are waking up to the issue and realizing, not only can failures of cyber-security cost them a lot immediately (stolen IP, lawsuits over exposure of personal / health / financial data, paying for credit monitoring of exposed customers), but it can also lead to long-term bad press and ill-will that will choke the bottom line. "If they're that sloppy with those people's information, why would I want to do business with them and put myself at risk?"

As companies get a better idea of the cost of a security breach, they are more than willing to pay to hedge against that. In the government sector, unless you cause a scandal that actually gets published in the press, there is little to no motivation to plug the holes in IT security.

I would normally make an exception for the military where loose lips (and keyboards) really _DO_ sink ships, but after the Wikileaks / Manning scandal uncovered that the military had demanded to use unsecure workstations with their Top Secret database network. Where were the resignations over that?

View in thread

1 Vote

+ -

Since government is ran like a business

HypnoToad72 9th May 2012

and the law of profit is "Do as little work as much as possible for the maximum amount of return", I doubt private companies are doing much better and, especially for the rising fad of BYOD and how it's not hard to hack Android (or even unjailbroken iDevices, thank scores of PWN2OWN events)), the best is yet to come... or worst, it depends if you're a supply-side company that did things on the cheap or not...

View in thread

Once logged in, adding contacts is simple. Just mouse over any member's photo or click any member's name then click the "Follow" button. You can easily manage your contacts within your account contacts page.

See all comments