Crowdsourced Security Testing for Privacy Compliance Is Rising

A new report claims the number of organizations using continuous crowdsourced security testing for compliance may quadruple in 2020.

REDWOOD CITY, Calif. — A major cultural shift among some of the world’s largest organizations and institutions is occurring with the increased adoption of a continuous network testing model to ensure compliance with data privacy regulations, a new report declares.

The 2020 State of Compliance and Security Testing Report, conducted by Synack, asserts that organizations are utilizing crowdsourced security testing to achieve regulatory compliance and real security, with adoption expected to increase four-fold in 2020.

Synack offers “crowdsourced penetration testing,” which means that its team of cybersecurity researchers attacks a specific target identified by the client to find security vulnerabilities.

With new compliance frameworks such as GDPR and CCPA drastically increasing the cost of a breach, many organizations are racing to protect their data. In an increasingly connected, highly regulated and digital world, business leaders and decision makers are turning to outside vendors that can ramp up quickly in a cost-effective manner, according to Synack.

The company says the growth in crowdsourced security testing can be attributed to two major trends. The first: rapid development cycles.

“Today’s security teams have shorter development cycles and dynamic environments that require rapid deployment and a continuous approach to security testing,” states Synack CTO and Co-Founder Mark Kuhr. This explains the shift toward continuous, crowdsourced security testing for compliance purposes, he continues.

Despite a move toward an around-the-clock “security culture” at organizations in a wide variety of industries and geographies, there is still ample room for improvement, says Aisling MacRunnels, Synack’s CMO.

“Our survey found that on average, most security tests are lasting just 20 hours. As the number of cyber incidents continues to increase, it will be imperative for decision makers to implement security testing solutions on a continuous basis with 1,500-2,000 hours of testing a year.”

Secondly, organizations are looking to crowdsourced security due to tremendous pressure from boards and regulators to remain compliant and secure. Regulatory frameworks and best practices mentioned in the report, including GDPR and HIPAA, are increasingly requiring or recommending an annual or more frequent audit with penetration testing.

For the report, Synack surveyed leaders from more than 300 organizations representing a number of industries and verticals, including technology, government, healthcare, information technology and financial services.

Almost 45% of organizations and institutions surveyed are performing security tests on a monthly or weekly basis, which suggests they are moving toward the more effective continuous model that crowdsourced solutions enable, the report states.

Other findings include:

  • 63% of organizations agree that the most common use case for external vendors is to identify and reduce vulnerabilities, which is encouraged by different compliance frameworks and best practice standards
  • 52% of organizations experience unwanted cost and complexity due to overlap in functionality from using multiple security vendors, which is caused by poor budget allocation and overlap in vendor capabilities
  • 32% of compliance testing processes are expensive and difficult to scale, yet crowdsourced security testing solutions provide 147% higher ROI than a typical pen test and may decrease the burden of testing on organizations by reducing signal-noise ratio

To download a copy of the report, go here.
