Companies fear that the software stack will be compromised as the attack expands

Organizations feel vulnerable to multi-tiered cyber attacks that can affect the entire software stack, as they face more challenges as the attack surface widens. As it stands, 92% acknowledged compromises were made in application security due to the urgent need to innovate and respond to changing customer needs during the global pandemic.

In fact, all respondents in Singapore Acknowledge that the rush to innovation came in security account During software development, according to study Released by Cisco Systems AppDynamics. The global survey surveyed 1,150 IT organizations in 13 markets, including Australia, India, Japan, Germany, the United Kingdom and the United States, all of which had sales of more than $500 million except for Columbia, which included companies with more than $100 million in revenue.

Across the board, 78% believed their business was vulnerable to a multi-stage security attack in the next 12 months that could affect the entire software stack. About 89% said they now have a wider attack space than two years ago, and 46% indicated that this already presents more challenges.

Some 59% cited increased use of the Internet of Things (IoT) and connected devices as the main reason they now have a wider attack scope, while 56% cited accelerated cloud adoption and 51% said rapid digital transformation has expanded their attack scope.

The majority, at 88%, acknowledged that more could be done to secure their modern applications across the entire software lifecycle. However, 81% said that insufficient software security skills and resources are a challenge for their organization, with 78% indicating that the lack of a shared vision across their application development and security teams will be a software security challenge over the next 12 months.

Survey respondents cited several security challenges they may face this year, including not seeing attack surfaces and vulnerabilities, protecting sensitive data, and difficulties prioritizing threats based on severity and business context.

“The widespread adoption of multiple cloud environments and the availability of low-code and no-code platforms enable developers to accelerate release speed and build more dynamic applications across more platforms,” said Eric Shaw, vice president and CEO, Cisco AppDynamics. Mail. “But as application components increasingly run on a mix of on-premises platforms and databases, this exposes visibility gaps and greatly increases the risk of a security event.”

He noted that 68% of respondents said that their security tools are working well in silos, but not coherently, which has resulted in the inability to get a comprehensive view of the security situation of their organizations.

Shaw added, “New cybersecurity threats expose flaws in traditional approaches to application security, and in particular, the lack of input of security into the application development process. In many organizations, there has been little sustained collaboration between developer and security teams. They are only involved when The emergence of a security problem, mainly when it is already too late.”

He noted that more IT departments are now embracing DevSecOps Approaching, which helped ensure application security integration and compliance testing across the software development lifecycle. “Developers can embed strong security into every line of code, resulting in safer applications and easier security management before, during and after release,” he said.

About 93% of respondents also believe it is important to contextualize security, so that they can correlate risks in relation to other key areas such as software performance, user experience, and business metrics. The study found that this would allow for better prioritization of fixes for security vulnerabilities based on potential business impact.

In Singapore, 96% said being able to contextualize security is essential. Another 88% indicated adopting a security framework across the software stack as a priority for their business. About 81% indicated that a lack of software security skills and resources was a challenge for their organization, while 96% said their attack surface had expanded over the past two years. 81% believed they were vulnerable to a multi-phase security attack in the next 12 months.

About 37% in the Asian market said they had taken their first steps in adopting the DevSecOps model, while 58% were considering doing the same.

Worldwide, 76% believe DevSecOps is critical to enabling companies to effectively protect against multi-stage cyber-attacks targeting the software stack. About 43% have started to adopt this application development model, while 46% are considering doing the same.

related coverage

Leave a Comment