New Study Says 94 Percent of CISOs Worried About Application Security — What’s the Solution?

Applications are now the foundation of both back- and front-facing digital services. Without cloud-based e-commerce portals, sophisticated mobile apps and user-friendly back office tools, companies simply can’t compete in a rapidly changing tech marketplace.

So it’s no surprise that 94 percent of chief information security officers (CISOs) are concerned about breaches: According to Infosecurity Magazine, reporting on a new Bugcrowd study, these security leaders are worried about a serious threat to their publicly facing assets within the next 12 months.

What about the other 6 percent? What puts them at ease when it comes to application security?

Saw That Coming

As noted by the Infosecurity piece, there are a number of common threads running through this app security issue. Budgets top the list, with 71 percent of respondents saying they face resource or budgeting issues. There are also several environmental factors to consider.

The cybersecurity skills gap is at an all-time high, while cloud-based attack surfaces are expanding even as traditional security methods fall behind. The predictable result is that application security suffers: what CISOs have always done to keep networks and software secure no longer works.

Consider the problem of the U.K.’s National Health Service (NHS): According to Information Security Buzz, 45 percent of all NHS trusts only scan for app vulnerabilities once per year. Only 50 percent of trusts scan web perimeter apps on the same timeline. The result is a higher-than-average prevalence of app weaknesses such as cross-site scripting (XSS), SQL injections and issues with cryptographic credentials.

Six of One?

So what about the 6 percent of CISOs who aren’t worried about application security? What’s their secret? As noted by CIO, part of their certainty may come from good planning: Companies looking to embrace app security are on track to adopt almost 20 app services over the next year, including security services, performance monitoring tools and identity services.

The continued growth of cloud computing, and by extension cloud apps, has also spurred a rise in niche security vendors. That speaks to the particular app security challenges of specific industries as well as the problems stemming from critical compliance regulations.

Ultimately, the 6 percent of confident CISOs are likely putting their apps through their paces by integrating regular and repeatable testing at every step of the development process. Think of it like the evolution of network firewalls. While it was once possible to deploy static perimeter-based defenses that could effectively monitor all incoming and outgoing traffic, that’s no longer enough. Next-gen firewalls must be intelligent, adaptive and responsive to ensure solid security.

The Solution for Application Security

The same goes for apps: Cybercriminals are happy to take on any app at any time and from any type of business to see if they can crack critical code using popular vulnerabilities or inventing new attack vectors. As a result, investment in app security services is just part of the answer. Companies must change the way they develop and deploy apps to ensure testing — rather than time to market — is the ideal KPI.

Apps are everywhere, and they are vulnerable. Shoring up CISO confidence demands a shift in priorities to address the new challenges of effective application security.

To learn more about application security risks faced by organizations like yours, download the Ponemon Institute “State of Application Security Risk Management” report.


Douglas Bonderud

Freelance Writer

A freelance writer for three years, Doug Bonderud is a Western Canadian with expertise in the fields of technology and...