Checkmarx has released its UK report, which states that around 45% of organisations suffered at least two security breaches because of a vulnerable application. Further, 34% of the organisations that had an application-related cybersecurity breach in the previous year let go of the employees who were seen as responsible for the firm's cybersecurity.

The survey was conducted to highlight the problems that challenge application security (AppSec) managers and software developers. It also pointed out that software developers (39%) and application security managers (32%) are more responsible than anyone else for the security of applications. In contrast, only 10% of the respondents saw CISOs or CSOs as most responsible for cybersecurity breaches in the firm.

Of the respondents, who comprised over 1,000 employees working as AppSec managers and software developers in UK organisations, 45% reported at least two breaches in the previous year, and 22% reported at least three breaches. The survey underscored that security teams are at risk and that firms are strict in dealing with those responsible for their cybersecurity.

The survey examined the reasons for these breaches; 43% of the respondents said they had suffered a software supply chain attack, an attack vector that malicious threat actors knew to be popular among the firms. Other factors that led to breaches were cloud application misconfigurations (40%), malicious third-party packages or components (39%), and known but unpatched vulnerabilities (38%).

The data suggests that organisations can influence the chances of breaches by taking care of what is in their control. Organisations that don't pay heed to cybersecurity can hamper their business prospects. The respondents mentioned ways that businesses can suffer, such as theft or loss of customer data (40%), loss of customers (39%), a decline in customer trust (34%), intellectual property theft or loss (33%), and loss of revenue (32%).

The silver lining is that professionals are learning from the breaches that happened in the last year, and respondents see the need for humans and technologies to work together to prevent breaches, especially through application security. The respondents stated that duties and roles should be clearly outlined between AppSec managers and developers. Further, AppSec managers and developers should coordinate closely to improve the adoption of security testing solutions and to enhance the way we go about 'building in' security during software development.
