
Web & mobile applications present significant risk to Asia businesses

05 Dec 2017

Asia Pacific businesses are concerned about the risks that customer-facing web and mobile applications bring to their organisations.

A recent survey from Synopsys found that out of 244 IT professionals, 54% believe these applications present the highest risk to businesses.

This was followed by concerns about embedded and IoT systems (20%); desktop applications (16%); and internal-facing web applications (10%).

“It is not surprising that web and mobile applications represent such a high risk to businesses in Asia, as they often process highly sensitive information and cyber attacks targeting them are increasing in sophistication in the region,” comments Synopsys Software Integrity Group managing director Geok Cheng Tan.

Respondents say the biggest challenges to correcting the risk through application security programs are a lack of skilled security personnel and training (48%), a lack of budget (24%) and a lack of management buy-in (15%); however, 13% say there are no challenges at all.

38% believe that it is paramount to protect customer data and intellectual property; while 12% are worried about compliance.

However, some businesses do not seem to be doing much about the problem. 16% of respondents say they have no strategy in place in the event of a security incident, and 18% said they were unsure.

38% have been subjected to an attack in the last two years; 34% say they have not and 28% say they are unsure.

13% believe their organisation is ‘too small’ to be a target and therefore the risk of an attack on their organisation is low; however 28% believe there is a high risk even with a broad, mature security program.

14% of respondents leave all of their app security management to a third-party vendor; 37% use an internal software security group; 40% use both and 9% do not use any app security management people.

82% say they have received some form of training. 53% say they offer mandatory formal training with a test to all of their employees; while 18% do not offer one at all.

Synopsys says that this gap reflects the cybersecurity skills gap across the globe.

“To effectively address cyber threats, software companies need to move beyond reactive measures by implementing software security initiatives that embrace the fundamentals of software integrity and proactively build security and quality into their software development lifecycle (SDLC),” Geok Cheng Tan concludes.

Synopsys conducted the study on C-level IT professionals, managers and professionals at Singapore International Cyber Week.
