Reports offer sobering assessments on web-app, data security

Reports offer sobering assessments on web-app, data security

Fixing critical-risk vulnerabilities in public internet-facing Web apps took about 18 fewer days last year than it did in 2018, according to a new report, but it still took organizations an average of almost 56 days to do it.

The report, from vulnerability management firm Edgescan, found that it also took 49.26 days to remediate network layer critical-risk vulnerabilities.

Edgescan executives used the report to security-shame organizations that are still completing remediation too slowly. They cited eyebrow-raising breaches last year that they say cumulatively exposed 8 billion records, saying at least some Web application layer vulnerabilities could have been prevented by the use of appropriate secure development and visibility practices that are commonly practiced.

One encouraging note in the report is that remediation times, while still lagging, are coming down even while vulnerabilities are climbing significantly.

• Externally facing Web-app vulnerabilities rated high or critical increased from 19.2% of all vulnerabilities in 2018 to 34.78 percent last year.

• Externally facing network-layer vulnerabilities more than doubled, moving from two percent in 2018 to 4.79 percent of the total last year.

The number begs the question, how hard will managing app security be with distributed edge systems if CIOs cannot tackle known issues?

Health care industry tops dubious list

The attention focused on the health care industry is about controlling infection diseases at the moment, and understandably so. But a new report indicates that health care is significantly more exposed to cloud risks than all other industries surveyed.

Censys Inc., a digital asset tracking and detection security vendor, counted exposed databases and remote-login services at the 10 largest companies revenue in seven industries, including health care, finance, manufacturing, insurance, hotels, energy and automotive.

Health care — pharmaceutical makers, insurers, care providers and pharmacies — had an average of 13 exposed databases per company. It also overshadows the other industries when it comes to the average number of exposed remote desktop protocol servers. The industry had eight. The second biggest risk in this category was manufacturing.

Manufacturing also ranked No. 2 when it came to exposed databases by company, with about seven.

Energy companies, which have a long-standing preference of intuition over computation, had only one exposed database per company, according to Censys.

As with the Edgescan item above, Censys makes no bones about it — visibility practices are falling short in a way that puts private information at risk.

Article Topics

 |   |   |   |   | 

Comments

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Edge Analysis & Opinion

Featured Company

Edge Market Reports

Explaining Edge Computing

Edge Computing Events

EdgeIR.com

Latest News