At a time when the state of cybersecurity is constantly changing, with new threats growing every day, it is vital for all organizations to keep security at the top of their list of priorities. Enterprise applications are increasingly targeted by cybercriminals, and an organization's ability to protect and defend against these attacks is a crucial part of its operations. Just as there are many types of cybercriminals and cyberattacks, a business can choose from many ways to harden its application security.
In an effort to explore the current state of application security, Cybersecurity Insiders has partnered with Beyond Security by HelpSystems to conduct an in-depth study of cybersecurity trends. The resulting report is based on a comprehensive survey of cybersecurity professionals to better understand current application security trends, challenges, and solutions. Respondent demographics vary by career level, department, company size, industry and resources to create a balanced representative sample.
Major concerns and challenges
According to 44% of survey respondents, one of the top application security concerns for organizations is data protection. Additionally, 42% of respondents are concerned about tracking the growing number of vulnerabilities, 38% about detecting threats and breaches, and 37% about securing cloud applications. Other top concerns cited by cybersecurity professionals include securing the applications they develop (37%) and protecting against malware (29%).
When asked what types of applications pose the highest security risk to businesses, 42% of respondents cite customer-facing web applications and 40% cite legacy applications. Mobile apps (30%), desktop apps (28%) and internal web apps (26%) lag a little behind, but still pose a risk.
The study also strives to understand what potential issues can prevent organizations from better defending against application attacks. Challenges that organizations cite as major obstacles to better defense include a lack of qualified staff (39%), low security awareness among employees (35%) and lack of budget (35%), followed by a lack of collaboration between departments (29%), and a lack of management support and awareness (26%).
Similar issues arise during penetration testing of business applications. When asked about the biggest challenge in penetration testing, 25% of respondents cite difficulty finding and hiring qualified people, while 16% say it’s too expensive to test as many applications as they want, and 13% say it’s too expensive to test as often as they want. Additionally, 45% say the pressure to quickly develop and release new software causes app developers to neglect secure coding practices.
App Attacks: How Common and What Forms Do They Take?
Of the organizations surveyed, 44% experienced data breaches, including a total of 20% in the past year alone. While 24% of respondents have never experienced a data breach, 32% don’t know if they’ve ever experienced an application breach or compromise.
When it comes to application security attacks in the past 12 months, 31% of respondents say they were targeted by malware attacks, followed by 23% who experienced Distributed Denial of Service (DDoS) attacks, 21% who experienced app misconfiguration, and 20% who experienced credential theft. While the top threats remain largely the same, app attacks are increasing in volume and risk.
How Organizations Protect Against Attacks
The majority of organizations (91%) have a dedicated application security program in place. While a relatively small 9% of respondents rely exclusively on outsourced application security, 39% of these companies use in-house management and 36% use a combination of in-house and outsourced application security. This means that organizations largely base their application security, at least in part, on the skills and expertise of their own cybersecurity professionals.
One way to secure line-of-business applications is to test them automatically at some point, or multiple points, during development and release. When it comes to automated security testing, 54% of organizations surveyed have some sort of automated testing in the software release lifecycle. Of these organizations, 48% automate security testing during software testing, 31% during monitoring, 29% during code development, and 23% during product release. A smaller proportion of organizations automate security testing when reviewing operations (16%) and planning (15%).
Overall, the study shows that enterprises are taking application security seriously and working hard to protect their applications against attacks. An encouraging 51% of respondents expect an increase in application security budget over the next 12 months, as well as 34% who expect their budget to remain stable.
Application attacks are a growing threat, exposing organizations to the risk of malware, disruption, theft, and misconfiguration exploits. Organizations must spend time, effort, and money keeping their applications secure, and the majority of respondents for this study consider application security to be a top priority and concern.
While organizations understand the importance of application security and are ready to put in the work, several obstacles make it difficult to put into practice. The toughest barriers are a lack of staff, low staff awareness of security, and the lack of an appropriate budget to secure applications. However, more than half of respondents expect to see an increase in the budget for application security in the coming year.
For more information, you can find the full survey here.