Organizations feel vulnerable to multi-tiered cyberattacks that can affect the entire software stack, as they face more challenges with an ever-expanding attack surface. As such, 92% admit to having compromised in application security due to the urgency to innovate and meet changing customer needs during the global pandemic.
In fact, all the respondents in Singapore admit that the innovation fever has come at security costs in the software development process, according to a research Released by Cisco Systems AppDynamics. The global survey polled 1,150 IT organizations across 13 markets, including Australia, India, Japan, Germany, the UK and the US, all with over $500 million in revenue, except for excluding Colombia, including companies with sales of more than $500 million. $100 million in revenue.
Overall, 78% believe their business is vulnerable to a multistage security attack over the next 12 months, which could affect their entire software inventory. About 89% said they now have a wider attack surface than they did two years ago, with 46% noting that this has posed more of a challenge.
Around 59% pointed to the increasing use of the Internet of Things (IoT) and connected devices as the main reason they have a wider attack surface, while 56% cited cloud adoption accelerated, and 51% said their rapid digital transformation expanded their attack surface.
The majority, at 88%, admit more could be done to secure their modern applications over the entire software lifecycle. However, 81% said insufficient software security resources and skills were a challenge for their organization, with 78% noting that there was a lack of shared vision between the application development team and the security team. will pose a challenge to software security over the next 12 months.
Respondents pointed to many of the software security challenges they will face this year, including a lack of visibility into attack and vulnerability surfaces, sensitive data protection, and other challenges. Difficulty prioritizing threats based on severity and business context.
“The broad adoption of multi-cloud environments and the availability of code-less and code-less platforms allow developers to accelerate development,” said Eric Schou, vice president and CMO of Cisco AppDynamics. operate and build more dynamic applications on more platforms”. parcel. “But with application components increasingly running on multiple platforms and on-premises databases, this exposes visibility gaps and greatly increases the risk of security incidents. “
He noted that 68% of respondents said their security tools work well in silos, but not cohesively, resulting in an inability to get a complete view of the organization’s security posture. their.
Schou added: “New cybersecurity threats are revealing flaws in traditional approaches to application security and in particular the lack of input that security puts into the development process. application.In many organizations, there is little cooperation going on between organizations, if any, development and security teams They only get involved when a security issue arises, essentially when too late.”
He noted that many IT departments are now embracing DevSecOps approach, which helps ensure integration of application security and compliance testing throughout the software development lifecycle. “Developers can embed robust security in every line of code, resulting in more secure applications and easier security management before, during, and after release,” he said.
Around 93% of respondents also believe it is important to contextualize security so that they can correlate risks related to other key areas such as software performance, user experience, and business metrics. business. Research shows this will allow for better prioritization of vulnerability fixes based on potential business impact.
In Singapore, 96% said the ability to contextualize security is essential. Another 88% indicate that adopting a security framework that covers the entire software stack is a top priority for their business. About 81% said the lack of software security skills and resources was a challenge for their organization, and 96% said their attack surface had expanded over the past two years. Another 81% believe they are vulnerable to a multistage security attack over the next 12 months.
About 37% in the Asian market said they have taken the first steps in adopting the DevSecOps model, while 58% are considering doing the same.
Globally, 76% believe a DevSecOps approach is important to enable companies to effectively defend against multi-stage cyberattacks targeting the software stack. About 43% have already started adopting this app development model, while 46% are considering doing the same.