At Infosecurity Europe in June, Synopsys surveyed 275 attendees who visited our booth to get the pulse of InfoSec concerns in Europe today. We were delighted to learn that 90% of respondents’ organisations had a formal application security process in place, using a dedicated internal application security team or initiative, third-party providers, or a combination of both. Asked about the biggest challenge their organisations face when implementing their AppSec programs, respondents were nearly evenly split among (1) lack of skilled professionals, (2) the impact such a program might have on the agility and speed of application development and deployment, and, of course, (3) budget constraints. Just 8% had trouble with a lack of executive sponsorship.
GDPR, data security, and data privacy at Infosecurity Europe
The EU’s General Data Protection Regulation (GDPR) came into effect in May 2018, so it’s not surprising that data breaches are top of mind and at the top of the headlines. While 73% of respondents indicated that their organizations had not suffered a data breach in the last two years, 44% of those whose organizations had suffered one would be in violation of GDPR if the breach happened today. GDPR violations are accompanied by both breach notification responsibilities and significant fines.
Where’s the risk?
For the second consecutive year, almost half of respondents (44%) highlighted customer-facing web applications as a top concern. Meanwhile, over a quarter of respondents reported that third-party proprietary code posed the highest risk to their organizations, followed closely by misconfiguration in cloud or containerized applications and open source software components in the applications their organizations develop or use. To address those risks, you need to build security into your software development life cycle, and into the DNA of your development and operations environments.
AppSec is complex, and the stakes are high
In this new era of data privacy, heralded by GDPR, protecting user data from breaches is more critical than ever. Data breaches affecting customers by the millions top the news regularly—and the consequences aren’t insignificant. Are you prepared?