72% of organizations have experienced an application security incident in the last two years


Beyond the risks for users and regulatory compliance, application security is threatened by vulnerabilities, code injection, poor credential and access management, lack of encryption and flaws in third-party libraries. The solution involves, in particular, DevSecOps automation.

Too often reduced to regulatory compliance issues and user-centric risks, software security also involves more technical threats. For example, security vulnerabilities, which arise from development or configuration errors, allow hackers to access sensitive data or execute malicious code.

SQL injection on websites gives an attacker access to the site's database and, from there, a way to take control of the system. Poor credential and access management can lead to data leaks or unauthorized access: passwords often lack strength and access privileges are often set too high. Additionally, the lack of security updates exposes applications to attacks.

Dynatrace has published a report based on an international survey of 1,300 CISOs and 10 interviews with CEOs and CFOs in organizations with more than 1,000 employees. Unsurprisingly, Dynatrace advocates the use of unified observability tools that it markets to facilitate collaboration between teams. This report shows the lack of alignment between leaders and cybersecurity teams. Note that 87% of CISOs say application security is neglected by the CEO and board members.

Another salient point is that security teams communicate in an overly technical manner. For 7 out of 10 senior executives, the use of overly technical terms hinders understanding of the problems. AI is now capable of creating more sophisticated cyber threats, but no serious information confirms, to date, the existence of fully autonomous malware generated by AI.

In France, a gap between the position of CISOs and high-ranking executives

Although the survey sample is small, with 100 respondents, some trends can be identified. One explicit indicator: nearly three-quarters of CISOs deplore the poor capacity of security tools to produce useful and clear information for managers. More than 7 in 10 companies have experienced an application security incident in the last two years.

On the DevSecOps (Development, Security and Operations) side, which consists of continuously integrating security throughout the entire application development lifecycle, 71% of CISOs say that DevSecOps automation is essential to ensure that reasonable measures have been taken to minimize application security risks.

Not surprisingly, 68% of CISOs say there is a regular need to report to the CEO and board of directors, and 77% say DevSecOps automation is increasingly important to manage the risk of vulnerabilities introduced by AI.

Automation of DevSecOps practices is little used

An overwhelming proportion of security leaders, 89%, say that DevSecOps automation will be essential to enable them to keep up with regulations such as the ANSSI cybersecurity rules and the European NIS2 and DORA regulations. An explicit and worrying figure: only 11% of CISOs consider that their organization applies mature DevSecOps automation practices.

In order of priority for CISOs come vulnerability management, followed by crisis response (data breaches and reputational damage) and finally internal risk management, in particular around the use of mobile devices.
