At Infosecurity Europe in June, we surveyed 275 attendees who visited our booth to get the pulse of InfoSec concerns in Europe today. We were delighted to learn that 90% of their organizations had a formal application security process in place, using a dedicated internal application security team or initiative, third-party providers, or a combination of both. Their responses regarding the biggest challenge their organizations face when implementing their AppSec programs were nearly evenly split between (1) lack of skilled professionals, (2) the impact such a program might have on the agility and speed of application development and deployment, and of course, (3) budget constraints. Just 8% had trouble with a lack of executive sponsorship.
The EU’s General Data Protection Regulation (GDPR) came into effect in May 2018, so it’s not surprising that data breaches are top of mind and in the headlines. While 73% of respondents indicated that their organizations had not suffered a data breach in the last two years, 44% of those who had would be in violation of GDPR if the breach happened today. GDPR violations are accompanied by both breach notification responsibilities and significant fines.
For the second consecutive year, almost half of respondents (44%) highlighted customer-facing web applications as a top concern. Meanwhile, over a quarter of respondents reported that third-party proprietary code posed the highest risk to their organizations, followed closely by misconfiguration in cloud or containerized applications and open source software components in the applications their organizations develop or use. To address those risks, you need to build security into your software development life cycle, and into the DNA of your development and operations environments.