Two new surveys from Synopsys find there is general alignment among C-level IT professionals, managers, and executives in Europe and in Asia in terms of application security concerns and mitigations. Although the percentages differ by region, the order in which concerns and solutions ranked generally agreed.
Synopsys surveyed 270 attendees at InfoSecurity Europe 2017 and 244 attendees at Singapore International Cyber Week 2017.
The challenges to implementing an application security program tracked closely between Europe and Asia. The lack of skilled security personnel was cited as the main challenge by 41% in Europe and 48% in Asia. Earlier this year, the International Information System Security Certification Consortium (ISC2) reported that it expected the shortfall of skilled security professionals around the world to grow to 1.8 million by the year 2022. Positions two and three on the list alternated between Europe and Asia, with lack of management buy-in leading in Europe (by 3%) and little or no budget leading in Asia (by 12%). A quarter of the respondents in Europe claimed no challenges in implementing an application security program, while only 16% did so in Asia.
The types of applications or systems presenting the highest risk were mostly the same between the regions. Customer-facing web applications were reported as the number one application or system that presents the highest security risk to businesses (48% in Europe and 31% in Asia). This was followed by mobile applications (23% in both) and desktop applications (18% in Europe and 16% in Asia). Asia did show more concern with the security of embedded systems (16% more). Trailing in both regions were internally facing web apps (7% in Europe and 10% in Asia).
In terms of top security concern, most respondents in Europe and Asia agreed it is protecting customer data (54% in Europe and 50% in Asia). This result is consistent with increasing regulations worldwide regarding privacy, such as the European Union’s new General Data Protection Regulation (GDPR), set to take effect in mid-2018. This was followed by a tie in Europe for second between regulatory compliance and threat/breach detection (each at 33%). In Asia, protecting data and IP outscored regulatory concerns (38% to 12%).
A wide majority (84%) of survey respondents in Europe said their organizations had an incident response plan in place, compared with a 66% majority in Asia.
Finally, 64% of respondents in Europe said their organizations mandated cybersecurity awareness training that included a test. In Asia the number was 53%. Meanwhile, 29% in Asia and 25% in Europe said their awareness training was more informal and consisted of reviewing documented policies. Eighteen percent in Asia and 11% in Europe said their organizations lacked any cybersecurity awareness training.