Story image

Web & mobile applications present significant risk to Asia businesses

05 Dec 17

Asia Pacific businesses are concerned about the risks that customer-facing web and mobile applications bring to their organisations.

A recent survey from Synopsys found that out of 244 IT professionals, 54% believe these applications present the highest risk to businesses.

This was followed by concerns about embedded and IoT systems (20%); desktop applications (16%); and internal facing web applications (10%).

 "It is not surprising that web and mobile applications represent such a high risk to businesses in Asia, as they often process highly sensitive information and cyber attacks targeting them are increasing in sophistication in the region,” comments Synopsys Software Integrity Group managing director Geok Cheng Tan.

48% of respondents say there is a lack of skilled security personnel and training (48%); a lack of budget (24%); lack of management buy-in (15%); are the biggest challenges to correcting the risk through application security programs, however 13% say there are no challenges at all.

38% believe that it is paramount to protect customer data and intellectual property; while 12% are worried about compliance.

However, some businesses do not seem to be doing much about the problem. 16% of respondents say they have no strategy in place in the event of a security incident, and 18% said they were unsure.

38% have been subjected to an attack in the last two years; 34% say they have not and 28% say they are unsure.

13% believe their organisation is ‘too small’ to be a target and therefore the risk of an attack on their organisation is low; however 28% believe there is a high risk even with a broad, mature security program.

14% of respondents leave all of their app security management to a third-party vendor; 37% use an internal software security group; 40% use both and 9% do not use any app security management people.

82% say they have received some form of training. 53% say they offer mandatory formal training with a test to all of their employees; while 18% do not offer one at all.

Synopsys says that this gap reflects the cybersecurity skills gap across the globe.

“To effectively address cyber threats, software companies need to move beyond reactive measures by implementing software security initiatives that embrace the fundamentals of software integrity and proactively build security and quality into their software development lifecycle (SDLC),” Geok Cheng Tan concludes.

Synopsys conducted the study on C-level IT professionals, managers and professionals at Singapore International Cyber Week.

Twitter suspects state-sponsored ties to support forum breach
One of Twitter’s support forums was hit by a data breach that may have ties to a state-sponsored attack, however users' personal data was exposed.
How McAfee aims to curb enterprise data loss
McAfee DLP aims to help safeguard intellectual property and ensure compliance by protecting sensitive data.
2018 sees 1,500% increase in coinmining malware - report
This issue will only continue to grow as IoT forms the foundation of connected devices and smart city grids.
2019 threat landscape predictions - Proofpoint
Proofpoint researchers have looked ahead at the trends and events likely to shape the threat landscape in the year to come.
Mac malware on WatchGuard’s top ten list for first time
The report is based on data from active WatchGuard Firebox unified threat management appliances and covers the major malware campaigns.
Bin 'em: Those bomb threat emails are complete hoaxes
A worldwide spate of spam emails claiming there is a bomb in the recipient’s building is almost certainly a hoax.
Marriott sets up call centres to answer questions on data breach
Marriott has released an update on the breach of the Starwood guest reservation data breach which affected 500 million guests.
Why there will be a battle for the cloud in 2019
Cloud providers such as AWS, Azure, and Google will likely find themselves in a mad scramble to gain additional enterprise customers.