79% of survey respondents identify threat modelling as a top priority in 2021

Security Compass has published the results of a new report, “The State of Threat Modeling in 2021.”

The study was designed to provide a better understanding of the current state of threat modeling in mid-sized ($100m to $999m) and large ($1bn+) enterprises, with a specific focus on the challenges organisations face in scaling threat modeling for the applications they build and deploy. Individuals directly involved in threat modeling efforts within their organisations provided insights on their companies’ approach as well as gaps and vulnerabilities.

The most pressing issue uncovered by the study was the growing priority of threat modeling for applications that companies build, coinciding with a belief that the majority or all of these efforts could be automated. Traditional threat modeling practices are historically slow, and hinder an organisation’s goals of getting applications to market quickly. Additionally, over half of respondents reported issues when trying to integrate this essential process into their existing technologies. These shortcomings contributed to the finding that less than half of organisations feel very prepared for critical cybersecurity threats. There is a clear need for more scalability and automation in threat modeling to balance rapid software development with secure software development.

Key Findings Include:

• Current Performance on Threat Modeling Approaches

  o Only 25% of survey participants indicate their organisations conduct threat modeling during the early phases of software development (requirements gathering and design), before proceeding with application development.

  o Less than 10% report their organisations perform threat modeling on 90% or more of the applications they develop. Most commonly, organisations test between 50% and 74% of their applications.

• Lack of Automation

  o Over 60% of organisations believe that all aspects of their organisation’s threat modeling could be fully automated, yet only 28% have reached that threshold.

  o More than half of organisations face challenges in automating and integrating their threat modeling activities with other technologies, with 41% of respondents expressing that it takes too long.

• Impact of COVID-19 & Supply Chain Vulnerability

  o Over 80% of organisations had to make moderate to significant changes to their cybersecurity approach as a result of COVID-19.

  o Supply chains may be particularly vulnerable, with more than 84% of organisations reporting making cybersecurity changes because of supply chain vulnerability. However, 31% of companies do threat modeling on less than half the applications they develop associated with their supply chain.

“Software is being used in almost every aspect of everyday life, making it essential for organisations to be equipped with the necessary resources to perform timely threat modeling on the applications that they develop and deploy,” said Rohit Sethi, CEO, Security Compass. “Threat modeling ensures that vulnerabilities are recognised and remediated before they become a problem. Security Compass is hopeful that by providing the industry with detailed insights into the state of threat modeling, more organisations will self-assess, identify areas where they can automate and improve their existing approach to threat modeling, and ultimately improve their overall security posture.”

Security Compass’ expertise is supported by recent industry award recognition, including being named a Gold Winner for Threat Modeling in two 2021 awards programs: the Globe Cyber Security Excellence Awards and the Cybersecurity Excellence Awards. Additional recognition in 2021 by the Cyber Defense Magazine (CDM) Global Infosec Awards and the 2021 CyberTech 100 list highlights Security Compass’ continued innovation in application security, DevSecOps and compliance, as well as the company’s dedication to helping organisations defend themselves against today’s threat landscape without compromising time to market.