The financial repercussions of large-scale consumer data breaches are coming into greater focus. Recent reports indicate that Facebook will face a whopping $1.6 billion fine in Europe for compromising 30 million user accounts, while Uber is expected to pay $148 million for its 2016 data breach. These increasingly harsh fines prove even the largest global enterprises are vulnerable and being held more accountable for security malpractices than ever before.
The root cause of data breaches? For the second year in a row, insecure software applications are proving to be the culprit, according to Verizon. While progress in security is certainly being made, we have to take a hard look in the mirror to avoid falling victim to significant financial strain. The question remains: why are so many applications vulnerable to hackers?
To find those answers, we recently teamed up with the research minds at UBM Dark Reading to get to the bottom of the state of application security and the barriers to vulnerability-free software. We delved into where application development and security teams are falling short, and how they can improve. Highlights from the report include:
1) Only 29 percent of respondents are confident in their security practices
2) Only half of development and security teams are executing sufficient application security programs as part of their daily operations
3) 88 percent find security tests too difficult
4) Very few development and security teams are efficiently testing during development
5) Fewer than half feel that security is built into their development process from beginning to end
6) Only 25 percent run security tests when applications are ready to be released or deployed, and mobile and internet of things (IoT) projects suffer the most
7) Fewer than half of the respondents have an incident response plan to push out critical security updates
8) Only 25 percent of companies provide training in secure development
9) 63 percent of developers aren’t given training in security
Clearly more training, testing, coordination and confidence are needed to propel the industry forward.
But it turns out not everything is dire. Budgets for application security are trending up, which is a good sign; however, more work needs to be done. The report reveals that one barrier is a conflict of interest among authorities or a mismatch in budgets. Decision makers controlling software development budgets are often separate from those controlling security budgets, which can lead to insufficient funding or budget cuts for application security. And in the end, it’s the hackers that win.
To learn more about the current state of application security, and how teams can improve their approach to secure software, read the full report.