London, UK – April, 16 2019 – With vulnerabilities recently being disclosed in Huawei and Asus laptops, which have highlighted the importance of vendors carrying out thorough security checks on technology before shipping to customers, a new study from Outpost24, an innovator in identifying and managing cyber security exposure, has revealed that 23 percent of organisations don’t carry out any security testing at all on products before they are launched into the market.
The study, which was carried out in March 2019 at the RSA Conference in San Francisco, also shockingly revealed that 31 percent of IT security professionals have admitted that their organisation has marketed a product, which they knew contained security vulnerabilities so they could beat competition.
Other findings from the study revealed that 21 percent were not sure if their organisation carried out security testing on products before going to market, while only 56 percent of respondents claimed that their organisation did.
“These figures raise concerns about the priority that organizations are placing on security, especially when attempting to beat competition by rushing products to market”, said Bob Egner, VP of Outpost24. “What many of the respondents are clearly forgetting is the damage security vulnerabilities can not only do to an organisation’s customers, but also to brand and reputation. If a company ships products which are notoriously flawed with security vulnerabilities then they will not keep their customers for long and may ultimately face legal issues. The value of beating competition can be lost or even reversed.”
Survey respondents were also asked about when security was added into the development stages of products, and this revealed that only 56 percent of organisations add security into the product development cycle at the very beginning, while 29 percent said they add it in the middle and 15 percent said they do it at the end.
“Any organisations that is developing and marketing products should look to build security into the design stage, as the cost to correct them is documented to be smaller at an early stage of the development process. Taking a secure by design approach will mean security is built into the foundations of a product and will limit the cyber risks face by users, which will ultimately increase customer satisfaction as well,” continued Egner.
Notes to editor:
This survey was carried out in March 2019 at the RSA Conference in San Francisco and studied the attitudes of 121 security professionals.
For more information on the study
Outpost24 is a leading cyber assessment company focused on enabling its customers to achieve maximum value from their evolving technology investments. By leveraging our full stack security insights to reduce attack surface for any architecture, Outpost24 customers continuously improve their security posture with the least effort.
Over 2,000 customers in more than 40 countries around the world trust Outpost24 to assess their devices, networks, applications, cloud and container environments and report compliance status for government, industry sector, or internal regulations.
Founded in 2001, Outpost24 serves leading organizations across a wide range of segments including financial and insurance, government, healthcare, retail, telecommunications, technology, and manufacturing.