Appsec investment driven by losses, not prevention

Arxan Technologies has published the results of the 2018 Global Study on Application Security, conducted by the Ponemon Institute. The study surveyed nearly 1,400 IT and IT security practitioners in the United States, European Union and Asia-Pacific to understand the risk applications pose to businesses when running in unsecured environments and how they are addressing this risk.

The results indicated a predominant global issue: application breaches are rising and so are the security risks of running business critical apps in zero-trust environments. However, companies are not adequately investing in application security measures until after breaches occur, resulting in loss of productivity, customer trust and revenue.

 

“This is a big deal, it’s not pocket change. The average data breach costs almost $4 million when you include lost customers, the impact to operations, and your insurance costs going up[1],” says Rusty Carter, vice president of product management, Arxan. “Companies have to change the way they think about investing in app security because threats are only getting worse.”

 

Risk of Application Breaches Is Real

The study shows that nearly 75 percent of organisations likely, most likely or definitely experienced a material cyber-attack or data breach within the last year due to a compromised application. Sixty-four percent of respondents say they are either very concerned or concerned that they will be hacked through an application. Additionally, 54 percent expect the severity of threats to increase in 2018.

 

Most Organisations Still Don’t Invest Adequately in App Security

Only 25 percent of respondents say their organisation is making a significant investment in solutions to prevent application attacks despite awareness of the negative impact of malicious activity (decreased productivity, decline in revenues, lost customers). Almost half of the business management team (48 percent) believes that app performance and speed are more important than security, whereas 56 percent of IT management ranked performance and security as equally important. A startling 65 percent of companies say they would be spurred to increase application protection measures only after an end user or customer were negatively affected.

 

“It’s disturbing that so many companies acknowledge the increasing risk of application attacks, yet they are doing very little to prevent breaches from occurring,” says Joe Sander, CEO, Arxan. “It’s backward thinking, and it puts customers at significant risk. It’s crucial to place security investments where attacks are happening.”

 

App Threat Analytics Enable Proactive Security Posture

The majority (79 percent) of survey respondents agreed the ability to detect application attacks “in the wild” is very important. And nearly half of the survey’s respondents say they would update their application protection solution as frequently as hourly or daily if they had visibility into specific types of attacks being waged against their apps.

 

Arxan’s newly released Threat Analytics service provides this visibility.   It allows business owners to see who, how and from where applications are being attacked – while attacks are in progress – and rapidly deploy proactive countermeasures before an attack is completed or becomes widespread. Arxan’s Threat Analytics service is integral to the company’s multi-layered application protection, unparalleled threat intelligence offerings and enterprise customer success, delivering the industry’s most comprehensive application protection solutions for the enterprise.   

 

“The ability to know how app attacks are being executed as they unfold reduces the window of opportunity for attackers,” says Sander. “That real-time intelligence lets businesses respond with direct countermeasures to stay ahead of threats, and can help validate the need for increased AppSec investment before it’s too late.”