SecurityBrief Asia - Technology news for CISOs & cybersecurity decision-makers
Web & mobile applications present significant risk to Asia businesses
Tue, 5th Dec 2017

Asia Pacific businesses are concerned about the risks that customer-facing web and mobile applications bring to their organisations.

A recent survey from Synopsys found that out of 244 IT professionals, 54% believe these applications present the highest risk to businesses.

This was followed by concerns about embedded and IoT systems (20%); desktop applications (16%); and internal-facing web applications (10%).

“It is not surprising that web and mobile applications represent such a high risk to businesses in Asia, as they often process highly sensitive information and cyber attacks targeting them are increasing in sophistication in the region,” comments Synopsys Software Integrity Group managing director Geok Cheng Tan.

Respondents say the biggest challenges to correcting the risk through application security programs are a lack of skilled security personnel and training (48%), a lack of budget (24%) and a lack of management buy-in (15%); however, 13% say there are no challenges at all.

38% believe that it is paramount to protect customer data and intellectual property; while 12% are worried about compliance.

However, some businesses do not seem to be doing much about the problem. 16% of respondents say they have no strategy in place in the event of a security incident, and 18% say they are unsure.

38% have been subjected to an attack in the last two years; 34% say they have not and 28% say they are unsure.

13% believe their organisation is ‘too small’ to be a target and therefore the risk of an attack on their organisation is low; however, 28% believe there is a high risk even with a broad, mature security program.

14% of respondents leave all of their app security management to a third-party vendor; 37% use an internal software security group; 40% use both; and 9% do not use any app security management staff.

82% say they have received some form of training. 53% say they offer mandatory formal training with a test to all of their employees; while 18% do not offer one at all.

Synopsys says that this gap reflects the cybersecurity skills gap across the globe.

“To effectively address cyber threats, software companies need to move beyond reactive measures by implementing software security initiatives that embrace the fundamentals of software integrity and proactively build security and quality into their software development lifecycle (SDLC),” Geok Cheng Tan concludes.

Synopsys conducted the study on C-level IT professionals, managers and professionals at Singapore International Cyber Week.