A report from leading analyst firm Quocirca has revealed that 90 per cent of companies that fall victim to computer hacking outsource more that 40 per cent of their code.
At the same time, outsourcing is reported to be on the up, with 78 per cent of companies who consider software development to be critical choosing to outsource. Despite this, security appears to be left out in the cold, with 60 per cent of these companies choosing to outsource failing to mandate the need for security to be built-in, while 20 per cent have no consideration for security at all.
The Quocirca report, supported by Fortify Software, was carried out amongst 250 C-Level executives and IT directors in the UK and Germany, working in companies with more than 1,000 employees.
Other statistics already reveal that the software application layer is where hackers gain access to critical data, with NIST (National Institute of Standards and Technology), stating that 92 percent of vulnerabilities affecting computer networks are contained in software applications.
As outsourcing increases, these sensitive areas are being developed outside of companies direct control, and despite the presence of service level agreements, there's no way of guaranteeing the integrity of applications.
In 2007, TS Ameritrade was forced to disclose that personal details regarding 6.3 million customers had been leaked through vulnerability caused by a backdoor created by an outsourced programmer.
"These survey results help explain the recent, sudden rise in data breaches and should serve as a wake-up call to any executive whose company sits on a pile of mission-critical application code," said Howard Schmidt, a former cyber security advisor to the White House, now working for Fortify Software.
In the report, financial services companies were revealed to be the most likely to outsource, and of these 72 per cent said that more than 40 per cent of code is written externally. Other areas which major on outsourcing was the public sector, while at the other end of the scale, just seven per cent of utility companies do so.
Fran Howarth, principal analyst at Quocirca and author of the report said: "The findings of this report indicate that not enough is being done by organisations to build security into the applications on which their businesses rely. Not only that, but they are entrusting large parts of their application development needs to third parties. This creates an even greater onus for organisations to thoroughly test all code generated for applications-without which they could be playing into the hands of hackers."
