There have been 690 large-scale data breaches so far this year, with more than 175 million consumer records accessed by unauthorized individuals. While this is actually a significant decrease from last year’s record-setting number of breaches, security experts have warned that this is still too high. The reason for concern? It isn’t changing enough to justify the years of effort security and IT pros are putting into making our data safer and more impenetrable.
One source has cited the software companies themselves as being the weak links in the data protection chain, largely because of an inflated sense of how secure they really are. In an article for NetworkWorld, Jon Oltsik described the issue with tech pros’ senses of their own capabilities, going back to an ESG report, Cyber Supply Chain Security Revisited. For this survey, ESG asked 280 cybersecurity and IT professionals about their confidence levels surrounding the security of their companies’ internally-developed software.
“Nearly half (47%) said they were ‘very confident,’ while another 43% were ‘somewhat confident.’ While IT and cybersecurity professionals seem to be brimming with confidence about their software security, further ESG data makes you wonder why this is so. For example, 33% of the critical infrastructure organizations’ surveyed have experienced a security incident related directly to the compromise of an internally developed application. Furthermore, only about half (52%) of these same organizations have an enterprise mandate for a secure software development lifecycle (SDL) where ALL software development activities must adhere to a rigorous set of security processes. The rest of the organizations give developers plenty of leeway to figure out how much software security is or isn’t necessary on a case-by-case basis.”
When the pros who develop the software that gets compromised aren’t self-aware enough to know how or why it is vulnerable, it’s not much of a surprise that data breaches occur. Interestingly, according to a year-end report by WalletHub, the fifty US states and the District of Columbia were ranked according to the ability to prevent their citizens from being susceptible to identity theft or fraud; California–home to Silicon Valley–ranked near the very bottom of the list for its ability to prevent these crimes, and Washington, DC, home to the federal government, ranked lowest.