Content, Content

Study: Continuous Security Testing On the Rise

Security testing is becoming part of an organization’s normal, everyday routine rather than a once annual event focused only on compliance, a new report said.

Nearly half (44 percent) of 300 organizations surveyed in Synack’s 2020 State of Compliance and Security Testing Report indicated they are performing security tests on a monthly or weekly basis. That trend line suggests a move toward a more effective continuous model, the crowdsourced security platform provider, said.

“The rapid embrace of crowdsourced security testing has happened because it is proven to work better than traditional security testing methods and addresses the ever growing talent gap within organizations,” said Dr. Mark Kuhr, Synack’s chief technology officer.

According to Kuhr, two major trends have influenced crowdsourced security testing’s growth: rapid product development cycles requiring a continuous approach to security testing; and, organizations are looking to crowdsourced security owing to pressure from boards and regulators to remain compliant and secure. Synack projects the adoption rate for crowdsourced security testing will increase four-fold in 2020.

“Although we are seeing a move toward a 24/7, 365 security culture at organizations in a wide variety of industries and geographies, there is still ample room for improvement,” said Aisling MacRunnels, Synack’s chief marketing officer. “Our survey found that on average, most security tests are lasting just 20 hours. As the number of cyber incidents continues to increase, it will be imperative for decision makers to implement security testing solutions on a continuous basis with 1500-2000 hours of testing a year.”

Here are some of the study’s key findings:

  • 63% of organizations said that the most common use case for external vendors is to identify and reduce vulnerabilities, which is encouraged by different compliance frameworks and best practice standards.
  • 52% of organizations experience unwanted cost and complexity due to overlap in functionality from using multiple security vendors, which is caused by poor budget allocation and overlap in vendor capabilities.
  • 32% of compliance testing processes are expensive and difficult to scale, yet crowdsourced security testing solutions provide 147% higher ROI than a typical pen test and may decrease the burden of testing on organizations by reducing signal-noise ratio.

The Redwood City, CA-based, six-year old Synack, which was founded by former U.S. Department of Defense hackers Jay Kaplan, who serves as the company’s chief executive, and Kuhr, combines ethical hacking and an artificial intelligence-enabled platform to create its security solution. Synack claims that it secures roughly $1 trillion in Fortune 500 revenue, 75 percent of the top credit card companies, top 10 consulting firms and security companies, and more than 50 percent of federal cabinet-level agencies. As of 2017, Synack had raised some $60 million in funding over six rounds, posted revenue of about $25 million and had a post-money market evaluation of $100 million to $500 million.

D. Howard Kass

D. Howard Kass is a contributing editor to MSSP Alert. He brings a career in journalism and market research to the role. He has served as CRN News Editor, Dataquest Channel Analyst, and West Coast Senior Contributing Editor at Channelnomics. As the CEO of The Viewpoint Group, he led groundbreaking market research.