I (Adriel) read an article published by Charles Cooper of c|net regarding small businesses and their apparent near-total lack of awareness with regard to security. The article claims that 77% of small- and medium-sized businesses think that they are secure, yet 83% of those businesses have no established security plan. These numbers were based on a survey of 1,015 small- and medium-sized businesses that was carried out by the National Cyber Security Alliance and Symantec.
These numbers don’t surprise me at all and, in fact, I think that this false sense of security is an epidemic across businesses of all sizes, not just small-to-medium. The question that people haven’t asked is: why does this false sense of security exist in such a profound way? Are people really OK with feeling safe when they are in fact vulnerable? Perhaps they are being lied to and are drinking the Kool-Aid…
What I mean is this. How many software vendors market their products as secure only to have someone identify all sorts of critical vulnerabilities in them later? Have you ever heard a software vendor suggest that their software might not be highly secure? Not only is the suggestion that all software is secure an absurd one, but it is a blatant lie. A more truthful statement is that all software is vulnerable unless it is mathematically demonstrated to be flawless (which, by the way, is a near impossibility).
Very few software vendors hire third-party vulnerability discovery and exploitation experts to perform genuine reviews of their products. This is why I always recommend using a third-party service (like us) to vet the software from a security perspective before making a purchase decision. If the software vendor wants to be privy to the results then they should pay for the engagement because in the end it will […]