February 2, 2017 By Douglas Bonderud 2 min read

Applications are now the foundation of both back- and front-facing digital services. Without cloud-based e-commerce portals, sophisticated mobile apps and user-friendly back office tools, companies simply can’t compete in a rapidly changing tech marketplace.

So it’s no surprise that 94 percent of chief information security officers (CISOs) are concerned about breaches: According to Infosecurity Magazine, reporting on a new Bugcrowd study, these security leaders are worried about serious threat to their publicly facing assets within the next 12 months.

What about the other 6 percent? What puts them at ease when it comes to application security?

Saw That Coming

As noted by the Infosecurity piece, there are a number of common threads to this app security issue. Budgets top the list, with 71 percent of respondents saying they face resource or budgeting issues. There’s also several environmental factors to consider.

The cybersecurity skills gap is at an all-time high, while cloud-based attack surfaces are ramping up even as traditional security methods fall behind. The result is an expected fallout of application security — what CISOs have always done to keep networks and software secure no longer works.

Consider the problem of the U.K.’s National Health Service (NHS): According to Information Security Buzz, 45 percent of all NHS trusts only scan for app vulnerabilities once per year. Only 50 percent of trusts scan web perimeter apps on the same timeline. The result is a higher-than-average prevalence of app weaknesses such as cross-site scripting (XSS), SQL injections and issues with cryptographic credentials.

Six of One?

So what about the 6 percent of CISOs who aren’t worried about application security? What’s their secret? As noted by CIO, part of their certainty may come from good planning: Companies looking to embrace app security are on track to adopt almost 20 app services over the next year, including security services, performance monitoring tools and identity services.

The continued growth of cloud computing, and by extension cloud apps, has also spurred a rise in niche security vendors. That speaks to the particular app security challenges of specific industries as well as the problems stemming from critical compliance regulations.

Ultimately, the 6 percent of confident CISOs are likely putting their apps through the paces by integrating regular and repeatable testing at every step of the development process. Think of it like evolution of network firewalls. While it was once possible to deploy steady perimeter-based defenses that could effectively monitor all incoming and outgoing traffic, that’s no longer enough. Next-gen firewalls must be intelligent, adaptive and responsive to ensure solid security.

The Solution for Application Security

The same goes for apps: Cybercriminals are happy to take on any app at any time and from any type of business to see if they can crack critical code using popular vulnerabilities or inventing new attack vectors. As a result, investment in app security services is just part of the answer. Companies must change the way they develop and deploy apps to ensure testing — rather than time to market — is the ideal KPI.

Apps are everywhere, and they are vulnerable. Shoring up CISO confidence demands a shift in priorities to address the new challenges of effective application security.

To learn more about application security risks faced by organizations like yours, download the Ponemon Institute “State of Application Security Risk Management” report.

More from

How to craft a comprehensive data cleanliness policy

3 min read - Practicing good data hygiene is critical for today’s businesses. With everything from operational efficiency to cybersecurity readiness relying on the integrity of stored data, having confidence in your organization’s data cleanliness policy is essential.But what does this involve, and how can you ensure your data cleanliness policy checks the right boxes? Luckily, there are practical steps you can follow to ensure data accuracy while mitigating the security and compliance risks that come with poor data hygiene.Understanding the 6 dimensions of…

2024 roundup: Top data breach stories and industry trends

3 min read - With 2025 on the horizon, it’s important to reflect on the developments and various setbacks that happened in cybersecurity this past year. While there have been many improvements in security technologies and growing awareness of emerging cybersecurity threats, 2024 was also a hard reminder that the ongoing fight against cyber criminals is far from over.We've summarized this past year's top five data breach stories and industry trends, with key takeaways from each that organizations should note going into the following…

Black Friday chaos: The return of Gozi malware

4 min read - On November 29th, 2024, Black Friday, shoppers flooded online stores to grab the best deals of the year. But while consumers were busy filling their carts, cyber criminals were also seizing the opportunity to exploit the shopping frenzy. Our system detected a significant surge in Gozi malware activity, targeting financial institutions across North America. The Black Friday connection Black Friday creates an ideal environment for cyber criminals to thrive. The combination of skyrocketing transaction volumes, a surge in online activity…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today