Only one-in-ten Russian organizations are aware of the danger of vulnerabilities in web applications

programming 6553433 1280

In 2020, attacks on the web accounted for one-third of all information security incidents. However, only 10% of Russian organizations believe that web applications are a priority element of the infrastructure for scanning for vulnerabilities.

Rostelecom-Solar surveyed April-June 2021 200 organizations of various sizes and profiles (public sector, finance, industry, IT, etc.) were interviewed. According to it, only 7% of organizations realize the importance of scanning an isolated segment of the IT infrastructure. For example, these are industrial networks or closed state data exchange systems. 29% of respondents consider it important to scan the external perimeter. Meanwhile, 45% of respondents named the organization’s local network as the key element for analyzing vulnerabilities. And only one-tenth of respondents consider it important to scan all elements of the infrastructure.

In general, according to the survey, 70% of organizations have vulnerability control. However, most of them do not scan regularly: more than 60% of companies scan the infrastructure once a quarter or less.

Experts note that almost all organizations either conduct scanning automatically (41% of respondents answered this way) or by means of a single dedicated information security specialist (39%). This is not enough to quickly process the data obtained from the scanner and formulate up-to-date recommendations for closing the vulnerabilities found.

According to experts, if the company does not have a vulnerability management process and there are no resources for processing the received data, so-called shadow IT appears in the infrastructure. These are unrecorded and therefore unprotected areas of the IT landscape that can be exploited by hackers to carry out an attack.

If you like the site, please consider joining the telegram channel or supporting us on Patreon using the button below.

Discord

Original Source