Identifying areas of risk for cyber-criminal activity is the first step to developing protective measures to keep businesses and the data they hold safe. Web applications that are directly accessed by customers are considered to be areas of particular concern.
Synopsys, Inc today announced the results of a survey of 270 IT security professionals, which found that almost half (48 percent) viewed customer-facing web applications as the area presenting the most security risk to businesses. This is in contrast to 23 percent who identified mobile applications and 18 percent who suggested desktop applications presented the biggest risk. To view the full survey results, visit https://www.synopsys.com/blogs/software-security/cyber-security-threat-survey.
Andreas Kuehlmann, senior vice president and general manager at Synopsys, does not find this surprising, saying: “The level of customer information necessary to make web applications possible means these applications can be particularly vulnerable to attacks, so adding security into the software development lifecycle and supply chain is a critical requirement for businesses. The findings of the survey demonstrate that companies need to not only focus on building user-friendly web applications, but also ensure the most powerful tools and services are being used to detect and eliminate vulnerabilities in these applications.”
The most common security attacks on customer-facing web applications, from sales portals to instant messaging services, include SQL Injections, Cross-site Scripting (XSS), Remote Command Execution, and Path Traversal, which can all cause serious damages to businesses and users alike. Other main findings of the survey include:
- 54 percent of those surveyed said that “protecting customer data” within these applications represent the top security concern
- Aside from the technical challenges in securing customer-facing web applications, 41 percent of those surveyed felt that a lack of skilled security personnel or training was the biggest challenge, reflective of the cybersecurity skills gap across the globe
- 84 percent of respondents indicated that they have a strategy in place in the event of a security incident. Only 12 percent said they didn’t and 4 percent suggested they didn’t know, which is particularly reassuring as the increased frequency and severity of cyberattacks is expected to continue to rise.
The survey was conducted 6-8 June in London at Infosecurity Europe 2017, Europe’s largest security-focused conference, the in-person survey is based on responses from attendees including IT professionals, managers, and executives.