Data breach report reveals need to boost internet security

According to the internet security report, a high percentage of insecure web applications and susceptibility to SQL injection plus malware demonstrates a widespread lack of understanding about these subjects.

It also, says the study, highlights the need for educating software developers about preventative measures.

Delving into the research reveals the need for companies to take further steps to protect their web server environments, conduct security testing and also ask questions of their web developers/ hosting companies, who often claim that their website software has been written securely.

The data also suggests a strong link between security breaches and the absence of thorough security auditing – most notably penetration testing and security assessments.

Commenting on the research, which was drawn from more than 60 computer forensic investigations undertaken by 7Safe, the firm's CEO Alan Phillips, said: "Compared with many existing studies that are based purely on survey data, this report reveals what is really happening in the UK."

"The work carried out by 7Safe's breach investigation team has been expertly analysed by Professor Carsten Maple of the University of Bedfordshire, and the results are intriguing", he added.

One of the most interesting conclusions of the report is that the large number of data breaches suffered by online retailers can be explained by the potentially lucrative reward of payment card details.

"Crime has evolved onto the internet. It may be easier for a criminal to hack into a web server and steal thousands of credit card details and from a hidden location on the internet, than to steal a purse or a wallet from a vulnerable person to gain some cash and maybe one or two credit card numbers", says the report.

As a result the study notes, the risk-versus-reward situation has changed dramatically.

According to the report, it often falls to the IT managers and information security specialists to implement the technical controls to protect commercially sensitive information. "However, effective information security has a wider remit than that of the IT manager/security specialist. It is the experience of 7Safe that those organisations whose executive level drives information security as a company-wide managed project are also the most successful in the implementation of effective controls", it notes.

"Therefore we recommend that company executives use this report as a catalyst for initiating a review of company-wide information security practice and analysis of gaps."

What’s Hot on Infosecurity Magazine?