Enterprises fear software stack breach as attack surface widens

Organizations find themselves vulnerable to multi-layered cyberattacks that can impact the entire software stack as they face increasing challenges with an expanding attack surface. As it stands, 92% acknowledge having made compromises in application security due to the urgency to innovate and meet changing customer needs during the global pandemic.

In fact, all of the respondents from Singapore admitted that the rush for innovation had come at the expense of security when developing software, according to a study published by Cisco Systems AppDynamics. The global survey covered 1,150 IT organizations in 13 markets, including Australia, India, Japan, Germany, the UK and the US, all of which had revenue over $500 million, with the exception of Colombia, which included companies with more than $100 million in revenue.

Overall, 78% believed their organization was vulnerable to multi-stage security attacks over the next 12 months that could affect their entire software stack. Some 89% said they now have a larger attack surface than two years ago, with 46% noting that this was already more of a problem.

Some 59% cited increased use of the Internet of Things (IoT) and connected devices as the primary reason they now have a wider attack surface, while 56% cited cloud adoption and 51% said rapid digital transformation has expanded their attack surface.

The majority, at 88%, agreed that more could be done to secure their modern applications throughout the software lifecycle. However, 81% said that insufficient software security skills and resources were a challenge for their organization, with 78% noting that the lack of a shared vision between their application development and security teams would pose a software security challenge over the next 12 months.

Respondents highlighted various software security challenges they would face this year, including a lack of visibility into attack surfaces and vulnerabilities, protection of sensitive data, and difficulty prioritizing threats based on severity and commercial context.

“The widespread adoption of multi-cloud environments and the availability of low-code and no-code platforms enable developers to accelerate release speed and build more dynamic applications on more platforms,” said Eric Schou, vice president and CMO of Cisco AppDynamics, in a published statement. “But with application components increasingly running on a combination of platforms and on-premises databases, this exposes visibility gaps and dramatically increases the risk of a security event.”

He noted that 68% of respondents said their security tools work well in silos, but not consistently, resulting in an inability to get a complete view of their organization’s security posture.

Schou added: “New cybersecurity threats expose flaws in traditional approaches to application security and, in particular, the lack of input of security into the application development process. In many organizations, there has been little, if any, ongoing collaboration between developers and security teams. They only engage when a security issue has arisen, essentially when it’s already too late.”

He noted that more and more IT departments are now adopting a DevSecOps approach, which helped ensure the integration of application security and compliance testing throughout the software development lifecycle. “Developers can build robust security into every line of code, resulting in more secure apps and easier security management before, during, and after release,” he said.

Some 93% of respondents also believe it is important to contextualize security, so that risk can be correlated against other key areas such as software performance, user experience and business metrics. This would then allow for better prioritization of vulnerability patches based on potential business impact, according to the study.

In Singapore, 96% said the ability to contextualize security was essential. An additional 88% said adopting a security framework that encompasses the entire software stack was a priority for their organization. Some 81% said a lack of software security skills and resources was a challenge for their organization, with 96% saying their attack surface had expanded over the past two years. An additional 81% believed they were vulnerable to a multi-stage security attack in the next 12 months.

Some 37% in the Asian market said they had taken their first steps in adopting a DevSecOps model, while 58% were considering doing the same.

Worldwide, 76% believe a DevSecOps approach is important to enable organizations to effectively protect against multi-stage cyberattacks targeting the software stack. Some 43% had begun adopting this app development model, while 46% were considering doing the same.
