The Security Innovation Europe Blog

Historically, IT security was primarily focused on network and endpoint security. Now, as the best practices of security begin to catch-up to the mounting threats posed by new technology, application development and the SDLC are suddenly within security’s remit. 

Whilst many organisations understand the need for improved application security, few are implementing their programs in an efficient and effective way. As a result, the vast majority of application security programs find themselves riddled with gaping holes – holes that can be readily exploited by software vulnerabilities and malicious third-parties. 

To help you plug some of the most common gaps found in application security programs, we’re looking at three strategies you can take action on today.

Attacks on your organisation aren’t just possible anymore. They’re inevitable. 

Whilst a growing number of organisations are aware of the need for application security, few are tackling the issue in an effective way.

In a survey of over 640 IT professionals, 7 crucial problems were repeatedly identified as recurrent barriers to effective application security. Resolving these problems will help your organisation improve developer security knowledge, and reduce the costs of software vulnerabilities – helping you to improve the maturity of your application security processes, and share in the competencies of high-performing software organisations.

Compliance with PCI Digital Security Standards is a priority for most large organisations. In addition to the legal ramifications of compliance, it’s essential to thwart malicious third-parties, and protect the loss and theft of sensitive data – and safeguard the customers it belongs to.

With that in mind, we’re drawing upon the findings of a global survey into the roles of over 3,000 IT professionals, and the state of PCI compliance in their organisations. The survey’s findings have identified 7 key drivers of effective PCI compliance training – and following each of these principles, you can ensure your own organisation does everything possible to protect card and cardholder data.

A security awareness curriculum is the vital first step in improving your security, helping you to raise organisation-wide awareness of the threats faced by your employees and business on a day-to-day basis.

A security breach can be devastating to a large organisation, delaying crucial projects, creating massive remediation costs, and negatively impacting the organisation’s reputation.

However, with 40% of data breaches occurring as a result of careless or unwitting insiders, your organisation has a huge opportunity to improve its security. Through simple employee security awareness training, you can dramatically reduce the primary cause of serious security breaches

One of the best frameworks for improving employee security awareness is the SOCIAL system; offering six tenets of effective security awareness that can be taught, quickly and easily, to your organisation’s entire workforce.

You’ve weighed-up the pros and cons of in-house and outsourced security training, and now, it’s time to choose a third-party training vendor. Your choice of partner will have a far-reaching impact on the efficacy of your security training investment, so it’s essential to choose a vendor capable of rolling out an effective security training program.

To make the right choice, it’s important to ensure that your chosen vendor offers each of these crucial aspects of effective security training.

In 2013, the Ponemon Institute carried out a crucial study into the efficacy of security practices in large organisations. 642 executives and engineers were surveyed, in order to gain crucial insights into security in the enterprise. Based on the results, two dangerously common problems were revealed.

The vast majority of executives surveyed believed that their organisations were following stringent and effective security procedures – in contrast to the handful of engineers (the people responsible for executing on security policy) that believed the same. On top of this, most organisations surveyed were found to be taking only minimal steps to address application security throughout the software development lifecycle.

Most organisations were failing to implement adequate security practices, and worse still, those organisations were completely blind to the problem at the executive level. Without any visibility into the need for security, no steps were taken to improve it.

Security is one of the most fluid challenges faced by organisations.

The computing field is in a constant state of flux, with new technologies and applications appearing on an almost daily basis. This constant process of change and development means that the security threats faced by your organisation change just as regularly.

There’s no guarantee that the secure systems of today will be the same as the secure systems of tomorrow. Without constant vigilance, and a pro-active attitude to security, the best-practices your organisation currently follows will become obsolete in a matter of months, weeks, or even days.

Even with a fantastic security training program and full executive support, there’s still a significant barrier for your organisation to overcome: your employees.