Veracode today released research revealing the large gap between software creation and software security, outpacing the urgency to secure the process.
The security company’s report ‘Securing the Digital Economy’ highlights how investment in software and digital transformation is moving fast, with around one in five business leaders indicating that their software budget which supports digital transformation projects has increased by more than 50% over the past three years.
The report found that 25% of all business leaders surveyed in the UK and USA do not understand any of the below common cyber security threats:
- Vulnerable software
- Vulnerable open source components
- Phishing attacks
- Malicious employee activity
- DDoS attacks
‘Business leaders are unaware of breaches’
Business leaders are unaware of either the breaches themselves or the underlying causes, so are not compelled to learn about or defend against similar threats their company could face. For example:
- Only 5% of all business leaders surveyed indicated the Equifax breach prompted them to rethink their current business’s approach to cyber security, despite being highly publicised and causing several high-level executives to lose their jobs
- 1 in 10 reported the global WannaCry ransomware attack caused them to rethink their approach to cyber security
- 15% of business leaders surveyed in Britain and 19% of German business leaders had not heard of any of the high-profile cyber attacks; while less than 50% of US, GB and German respondents reported cyber attacks have not led their current business to rethink or update their cyber security approach.
Chris Wysopal, CTO at CA Veracode, said: “Digital transformation presents both massive opportunity to innovate and significant security risks, with 77% of applications having at least one vulnerability when first scanned, which could be exploited to inject ransomware or steal data.
Keeping up with catastrophic cyber events
“Many business leaders have yet to fully grasp the most common cyber threats to their business, nor are they keeping up with some of the most catastrophic cyber events of our time.
“We need to bridge this disconnect between business leaders and the cybersecurity threat: without greater awareness of the threats and what is needed to defend against them, their company could easily be the next headline.”
The report concludes that, while there may be some shift in awareness, not all business leaders have woken up to the risks of the evolving cyber threat landscape.
The survey was commissioned by YouGov, consisting of 1,403 business leaders across Britain, Germany and the US between September 2017 and October 2017.
Written from press release by Leah Alger