The results of a recent survey by Synopsys indicate that customer-facing web applications continue to present the highest security risk to businesses in the Asia Pacific region (36 percent of the respondents). This is followed by internal-facing web applications (26 percent) and mobile applications (25 percent). Seventy-one percent of the respondents reported that they have an incident response plan in place in the event of a security incident, an increase over 2017.
Geok Cheng Tan, managing director of Asia Pacific at the Synopsys Software Integrity Group, commented, “It is not surprising that web and mobile applications continue to pose such a major challenge to businesses in the Asia Pacific region, as they often process highly sensitive information and cyber-attacks targeting them are growing in sophistication. With an escalating number of cyber security incidents large and small, it is increasingly clear that software development life cycles (SDLC) have to be not about pushing software quickly to market, but building software quickly and securely.”
Main findings of the survey
The survey covered a broad spectrum of important areas, including cyber security and incident response strategies, types of applications at risk, availability of skilled cyber security personnel at the workplace, training and development, and open source adoption approaches. The five main findings from the 2018 survey are as follows:
1. Web and mobile applications present the highest risk
A total of 36 percent of the respondents viewed customer-facing web applications as the area presenting the highest security risk to businesses, followed by internal-facing web applications at 26 percent and mobile applications at 25 percent. Desktop applications and embedded and IoT systems were represented at 24 percent and 16 percent respectively. (Participants were allowed to choose multiple responses to this question.)
2. More organizations have a cyber security incident response strategy
Seventy-one percent of the respondents reported they have a strategy in place in the event of a security incident, a slight improvement over last year’s 66 percent. Thirteen percent said they do not, while 16 percent said that they were unsure.
3. Organizations are not managing open source risk well
Forty-three percent of the respondents have an established process for inventorying and managing open source software, while 30 percent reported that they do not. Twenty-seven percent of the respondents said they do not use open source.
4. Lack of skilled security personnel is a top challenge
Fifty-six percent of those surveyed highlighted the lack of skilled security personnel or training as one of the biggest challenges to implementing an application security program. Eighteen percent of the respondents said little or no budget is available, while 17 percent identified lack of management buy-in. (Participants were allowed to choose multiple responses to this question.)
5. Organizations recognize the importance of cyber security training
Eighty-three percent of those surveyed have received some form of cyber security training (mandatory or ad hoc), which underlines the importance of training to help organizations protect against threats.