Did you know that a recent study by the Aberdeen Group of more than 150 organizations found that the average total cost to fix a single application security incident is approximately $300,000.00?
Let’s just say, for argument’s sake, that the researchers are lying or that they are total imbeciles and it is really only half that amount.
Would your Chief Financial Officer consider it sheer delight to cough up $150,000 to cure a problem that could have been prevented?
We all know the answer to that, don’t we?
So then, why has the marketplace been so slow to adopt a strategic initiative to prevent exposure to this pervasive risk?
Slow?
Yes.
Slow, like molasses going uphill in the dead of winter.
Get the picture?
No?
Okay, here are the numbers:
- 70% of organizations do not consider application security a strategic initiative
- 67% of web vulnerabilities are unpatched
- 49% of web vulnerabilities are considered critical
- Less than 20% of information security budget and attention is allocated to Web Application security, which represents 80% of security risks

This glaring disconnect between the acknowledgement of security issues and the willingness to fix them provides much fodder for great conversation at happy hour, but talk does little to mitigate this burgeoning security risk.
Additionally,
- There were 450,000 SQL injections per day (USA Today, March 2009)
- Security breaches cost $202 per exposed record (SC, February 2009)
And furthermore,
- Cleanup cost for fixing a single bug in a Web Application ranges from $400 to $4000.00
- It consumes 40 man-hours at $100/hr. to fix one vulnerability, and
- It is 6.5 times more expensive to fix a flaw in development than during design, 15 times more in testing and 100 times more in deployment, according to the National Institute of Standards and Technology (NIST)
- 70% of successful attacks are now at the application layer, and
- 100% of all vulnerabilities in homegrown applications are in place prior to production (Gartner)
So, now that I have exposed the harsh reality here in this post again, I know it will be very easy to forget because,
Well,
Life happens.
But don’t get stung.
Sign up for a free demonstration of our Web Application Firewall, also known as Web Defend, which is perhaps the best vaccine against infection.
So says,
Johns Hopkins University.
They should know. They are using Web Defend.
“After the first few weeks, the WAF began telling us how well we were doing instead of how many problems we had. As we addressed the issues the WAF pointed out, the news became more and more positive. Today we see very few successful threats and enjoy seeing the hundreds of thousands of failures.”