A new Bugcrowd study of one hundred CISOs revealed that 94 percent are concerned about breaches in their publicly facing assets in the next 12 months, particularly within their applications.
As more applications become publicly accessible, more breaches are occurring at the application level. IT organizations are strapped when it comes to security: 71 percent of respondents face resourcing or budgeting issues within their organizations.
To keep up, security leaders are continuing to prioritize application security spending, focusing on the following key investment areas:
- Applications hosted in the cloud: 59 percent
- Public facing web applications: 57 percent
- Mobile applications: 39 percent
- APIs: 32 percent.
Data breach incidents as a result of hacking have risen over 350 percent between 2007 to 2015, according to the Identity Theft Resource Center. To combat these challenges, CISOs are using, on average, 4.8 application security tools and services.
According to the study, outside of crowdsourced programs the top three include penetration testing (80 percent), incident response processes (79 percent) and application vulnerability scanning (71 percent).
“Security methodologies within today’s IT departments aren’t cutting it,” said Jason Haddix, Head of Trust and Security, Bugcrowd. “Along with budgeting challenges, modern application security teams will continue to face security issues as long as investment areas continue to diversify. Reducing the risks associated with breaches begins with improving security culture throughout the organization, and finding a solution that scales within AppSec budgeting constraints. Unless you are a unicorn you can’t staff and retain the headcount needed for a proper security program. DAST and SAST solutions only get you part way. It’s time for a real force multiplier in security.”