Application Security for Startups and SMEs
October 20, 2016
Despite all the media attention on large enterprise data breaches such as Yahoo and TalkTalk, small and medium-sized enterprises (SME) don’t feel that they will be a target of an attack given their limited web presence. Based on a number of studies, this is clearly not the case and in fact, SMEs more susceptible to an attack as this report will illustrate.
Osterman Research’s survey purports that 71% of SMEs have suffered a security breach during the previous 12 months. Since these breaches are rarely made public, most SMEs are reticent about investing in appropriate security measures and personnel to address the risks associated with protecting their brand and their customer’s sensitive data.
Although large enterprises, once breached, offer the opportunity for a significant payout, SMEs are an easier target given their lack of security expertise, budget, and personnel to understand and address the risks.
According to the Annual Security Report 2016, 22% of businesses with fewer than 500 employees do not have an executive with direct responsibility and accountability for security.
Source: Annual Security Report
Recently Ponemon Institute surveyed 600 IT leaders at small and medium-sized businesses for its State of Cybersecurity in Small & Medium-Sized Businesses report and found out that 49% of businesses have experienced ‘Web-based (web application) Attack’ and noted these attacks as the most common threat facing businesses today. Even Gartner stated that 70% of all security breaches occur due to vulnerabilities within the web application layer.
However, many SMEs tend to ignore an investment in application layer technologies given the perception that their web presence is not significant enough to attract hackers’ attention. SANS Institute’s IT Security Spending Trends reports that companies still spend more on wireless security and network traffic visibility, which suggests that they still consider their network defenses the best means of protecting their sensitive data. Given that the majority of security vulnerabilities exist at the application layer, it’s imperative that SMEs start looking beyond the traditional security approach restricted to the network layer. They must have a plan to manage their web presence.
The ideal solution would be to develop and manage an in-house application security program but given the lack of expertise and budget, this initiative is not tenable for most SMEs. With security costs going up and a dearth of cybersecurity talent in the marketplace, SMEs can’t compete large enterprises to find and retain talent.
Overcoming Application Security Challenges
Companies need a holistic application security approach to overcome the challenges of hiring & managing trained security staff without enterprise-level costs.
Indusface AppTrana helps achieve 360-degree of web application security with detection, protection, and monitoring of web applications a fraction of the cost of hiring an in-house team. Offered as a service, it includes web application scanning, malware scanning, defacement monitoring, web application firewall, penetration testing, and remediation along with full management of the operation using subject matter experts.
- Comprehensive application security protection for all of your domains
- Continuous scanning and penetration testing to find logical flaws in the applications
- Vulnerability patching (virtual) through Web Application Firewall
- Real-time monitoring, tuning, and remediation of attacks with custom rules for logic flaws
- Application DDoS attack mitigation
- Annual subscription per domain or hourly rates on AWS Marketplace
