What’s the biggest challenge for security professionals?
The results of a survey of 270 IT security professionals has found that almost half (48%) viewed customer-facing web applications as the area presenting the most security risk to businesses. This is in contrast to 23% who identified mobile applications and 18% who suggested desktop applications presented the biggest risk. To view the full survey results from Synopsys visit: www.synopsys.com/blogs/software-security/cyber-security-threat-survey.
Andreas Kuehlmann, Senior Vice President and General Manager at Synopsys, did not find this surprising, saying: “The level of customer information necessary to make web applications possible means these applications can be particularly vulnerable to attacks, so adding security into the software development lifecycle and supply chain is a critical requirement for businesses. The findings of the survey demonstrate that companies need to not only focus on building user-friendly web applications, but also ensure the most powerful tools and services are being used to detect and eliminate vulnerabilities in these applications.”
The most common security attacks on customer-facing web applications, from sales portals to instant messaging services, include SQL Injections, Cross-site Scripting (XSS), Remote Command Execution, and Path Traversal, which can all cause serious damages to businesses and users alike.
Other main findings of the survey include:
- Fifty-four percent of those surveyed said that protecting customer data within these applications represents the top security concern.
- Aside from the technical challenges in securing customer-facing web applications, 41% of those surveyed felt that a lack of skilled security personnel or training was the biggest challenge, reflective of the cyber security skills gap across the globe.
- 84% of respondents indicated that they have a strategy in place in the event of a security incident. Only 12% said they didn’t and four percent suggested they didn’t know, which is particularly reassuring as the increased frequency and severity of cyber attacks is expected to continue to rise.
Survey methodology
Conducted 6th-8th June in London at Infosecurity Europe 2017, Europe’s largest security focused conference, the in-person survey is based on responses from attendees including IT professionals, managers and executives.