Vulnerable software poses great risk to businesses
The increased security risk of an application-centric economy has not resulted in a more comprehensive understanding of cyber security among business leaders.
This is according to a report by Veracode titled Securing the Digital Economy, which surveyed 1 043 business leaders across the globe.
Software development and purchasing is booming in many businesses as they pursue digital transformation projects to deliver greater efficiencies, innovation and growth, says the study. However, the increased investment has not translated to greater security budgets or awareness of the security risks insecure software introduces, it adds.
Many business leaders don't understand the plethora of threats that this software-led approach presents, nor how their company can defend against them, says the study.
This lack of understanding around cyber risk may be attributed in part to a lack of awareness of successful cyber attacks and their causes, it adds. The study notes most of the business leaders surveyed were unaware of either the breaches themselves or the underlying causes and were not compelled to learn about or defend against similar threats their company could face.
It also reveals only 50% of the business leaders surveyed understand the risk that vulnerable software as a whole poses to their business. Moreover, only 32% of respondents understand the risk open source components - which are a key feature of most applications - pose to their organisation, adds the study.
Furthermore, 37% of respondents note either all or most of their software is built internally, compared with 41% who indicated that all or most of their software is either built by third-party providers or purchased as commercial off-the-shelf applications, it adds.
Overall, the state of security awareness within the developer community remains such that the majority of developers are still making the same security-related mistakes out of the gate as they did several years ago, says the study. This presents a great risk to businesses who invest in these software applications, it adds.
"Many business leaders have yet to fully grasp the most common cyber threats to their business, nor are they keeping up with some of the most catastrophic cyber events of our time," says Chris Wysopal, CTO for CA Veracode.
"We need to bridge this disconnect between business leaders and the cyber security threat - without greater awareness of the threats and what is needed to defend against them, their company could easily be the next headline."