Desktop applications are no longer the primary source of vulnerabilities and IT security risks; they have been supplanted by end-user web apps. That is the finding Synopsys reported when it released its GovWare 2018 survey. In the survey, mobile applications (25%) and web apps (26%) are identified as the top two sources of IT trouble for today’s firms. “It is not surprising that web and mobile applications continue to pose such a major challenge to businesses in the Asia Pacific region, as they often process highly sensitive information and cyber-attacks targeting them are growing in sophistication. With an escalating number of cybersecurity incidents large and small, it is increasingly clear that software development life cycles (SDLC) have to be not about pushing software quickly to market, but building software quickly and securely,” explained Geok Cheng Tan, Synopsys Software’s Managing Director for Asia-Pacific.
The survey was conducted with 251 respondents: 136 middle managers, 14 top-level officers, 25 corporate-level executives and 76 from other sectors of the corporate world. One of the top highlights of the survey is the actual use of open-source software in the day-to-day operations of an organization. The attendees confirmed that either their organization does not use open-source software at all (27%) or they have no way of knowing whether some teams in their company use open-source software (30%).
The use of open-source software in a corporate environment is a sign of maturity, security, and privacy. With enough IT staff who know how to administer an open-source infrastructure, solutions to problems can be developed internally instead of depending on the vendor or third-party support contractors.
The survey also revealed that many people working for these companies lack sufficient security training, with attendees confessing that only 53% of their employees have enough cybersecurity knowledge and are ready to face an IT emergency. This is in full conflict with their claims that 90% of the organizations represented in the survey have working security protocols and internal procedures.
The sad indicator revealed by the survey is that as many as 13% of the firms are not ready for a major IT incident if one happens. Most organizations that claim readiness for a cyber attack or data breach depend heavily on third-party security firms and external contractors for damage control, post-emergency assessment and proposing final solutions.
Below are the top 3 questions in the survey that Synopsys asked its respondents:
Do you have an incident response plan in place to deal with a cyber attack on your organization? (251 participants)
- 71% Yes (179)
- 13% No (33)
- 16% Not sure (39)
What is your organization’s approach to using open source software components/frameworks? (243 participants)
- 43% We have an established process to inventory and manage open source code (104)
- 30% We use open source but do not have a process to inventory or manage its use (74)
- 27% We do not use open source code (65)
What challenges do you face in implementing an application security program? (247 participants)
Multiple responses allowed
- 56% Lack of skilled security personnel or training (138)
- 18% Little to no budget (45)
- 17% Lack of management buy-in (43)
- 22% No challenges (54)