New survey data reveals a third of organisations have shipped products with known security vulnerabilities to beat competition
With vulnerabilities recently being disclosed in Huawei and Asus laptops, which have highlighted the importance of vendors carrying out thorough security checks on technology before shipping to customers, a new study from Outpost24, an innovator in identifying and managing cyber security exposure, has revealed that 23 percent of organisations don’t carry out any security testing at all on products before they are launched into the market.
The study, which was carried out in March 2019 at the RSA Conference in San Francisco, also shockingly revealed that 31 percent of IT security professionals have admitted that their organisation has marketed a product, which they knew contained security vulnerabilities so they could beat competition.
Other findings from the study revealed that 21 percent were not sure if their organisation carried out security testing on products before going to market, while only 56 percent of respondents claimed that their organisation did.
“These figures raise concerns about the priority that organizations are placing on security, especially when attempting to beat competition by rushing products to market”, said Bob Egner, VP of Outpost24. “What many of the respondents are clearly forgetting is the damage security vulnerabilities can not only do to an organisation’s customers, but also to brand and reputation. If a company ships products which are notoriously flawed with security vulnerabilities then they will not keep their customers for long and may ultimately face legal issues. The value of beating competition can be lost or even reversed.”
Survey respondents were also asked about when security was added into the development stages of products, and this revealed that only 56 percent of organisations add security into the product development cycle at the very beginning, while 29 percent said they add it in the middle and 15 percent said they do it at the end.
“Any organisations that is developing and marketing products should look to build security into the design stage, as the cost to correct them is documented to be smaller at an early stage of the development process. Taking a secure by design approach will mean security is built into the foundations of a product and will limit the cyber risks faced by users, which will ultimately increase customer satisfaction as well,” continued Egner.
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.