February 2, 2017 By Douglas Bonderud 2 min read

Applications are now the foundation of both back- and front-facing digital services. Without cloud-based e-commerce portals, sophisticated mobile apps and user-friendly back office tools, companies simply can’t compete in a rapidly changing tech marketplace.

So it’s no surprise that 94 percent of chief information security officers (CISOs) are concerned about breaches: According to Infosecurity Magazine, reporting on a new Bugcrowd study, these security leaders are worried about a serious threat to their publicly facing assets within the next 12 months.

What about the other 6 percent? What puts them at ease when it comes to application security?

Saw That Coming

As noted by the Infosecurity piece, there are a number of common threads to this app security issue. Budgets top the list, with 71 percent of respondents saying they face resource or budgeting issues. There are also several environmental factors to consider.

The cybersecurity skills gap is at an all-time high, while cloud-based attack surfaces are expanding even as traditional security methods fall behind. The result is a predictable fallout for application security: What CISOs have always done to keep networks and software secure no longer works.

Consider the problem of the U.K.’s National Health Service (NHS): According to Information Security Buzz, 45 percent of all NHS trusts scan for app vulnerabilities only once per year, and only 50 percent of trusts scan web perimeter apps on that same timeline. The result is a higher-than-average prevalence of app weaknesses such as cross-site scripting (XSS), SQL injection and issues with cryptographic credentials.

Six of One?

So what about the 6 percent of CISOs who aren’t worried about application security? What’s their secret? As noted by CIO, part of their certainty may come from good planning: Companies looking to embrace app security are on track to adopt almost 20 app services over the next year, including security services, performance monitoring tools and identity services.

The continued growth of cloud computing, and by extension cloud apps, has also spurred a rise in niche security vendors. That speaks to the particular app security challenges of specific industries as well as the problems stemming from critical compliance regulations.

Ultimately, the 6 percent of confident CISOs are likely putting their apps through their paces by integrating regular and repeatable testing at every step of the development process. Think of it like the evolution of network firewalls. While it was once possible to deploy static perimeter-based defenses that could effectively monitor all incoming and outgoing traffic, that’s no longer enough. Next-gen firewalls must be intelligent, adaptive and responsive to ensure solid security.

The Solution for Application Security

The same goes for apps: Cybercriminals are happy to take on any app at any time, from any type of business, to see if they can crack critical code by exploiting well-known vulnerabilities or inventing new attack vectors. As a result, investment in app security services is only part of the answer. Companies must change the way they develop and deploy apps so that testing — rather than time to market — becomes the defining KPI.

Apps are everywhere, and they are vulnerable. Shoring up CISO confidence demands a shift in priorities to address the new challenges of effective application security.

To learn more about application security risks faced by organizations like yours, download the Ponemon Institute “State of Application Security Risk Management” report.
