
11/7/2011
11:12 AM

Enterprises Still Ignore Security Risks In New Apps

Despite widespread threats and breaches, most enterprises treat security issues in new apps as an afterthought, says Ernst & Young survey.

Enterprises are in such a rush to adopt new technologies, such as cloud computing, mobile devices, and social media, that they are often overlooking the security risks, according to a new study.

According to Ernst & Young's 14th annual Global Information Security Survey, many companies are aware of the risks that new technology presents, yet they move ahead without implementing security controls.

"Although 72% of respondents see increasing levels of risk due to external threats, and more companies are likely to adopt mobile tablet usage, security implementation is still low," Ernst & Young said. The survey also reports that only about a third of respondents have updated their information security strategies in the past 12 months.

Eighty percent of organizations currently are using or considering using mobile tablets, and 61% are using or considering the use of cloud computing services within the next year, Ernst & Young said. The survey of 1,700 organizations around the world also found that cloud computing is the top security funding priority for the next year.

Fifty-nine percent of respondents plan on increasing their information security budgets in the coming 12 months, the study said. However, only 51% of respondents stated that they have a documented information security strategy.

Overall, for the second consecutive year, respondents indicated that business continuity is their top funding priority.

Many organizations are still unclear about the implications of cloud technology. Almost half (48%) of respondents listed the implementation of cloud computing as a difficult or very difficult challenge, and more than half have not implemented any controls to mitigate the risks associated with cloud computing. The most frequently taken measure is stronger oversight of the contract management process with cloud providers, but only about 20% of respondents do it.

Read the rest of this article on Dark Reading.

Comments
jrapoza,
11/7/2011 | 11:42:02 PM
re: Enterprises Still Ignore Security Risks In New Apps
This is typical of new technologies. Often, the last thing that anyone (vendors, users or the media) talks about when there is a cool new technology is security.

Jim Rapoza is an InformationWeek Contributing Editor