UK application security programs lagging behind US
Posted on 23 July 2014.
UK enterprises are lagging behind US enterprises when it comes to application security programs. A new IDG study revealed that on average UK companies are spending approximately 21 percent less than US companies of equal size. The study also found that in the UK, 66 percent of internally developed applications remain untested for critical vulnerabilities such as SQL injection.

Enterprises in all industries are delivering new mobile experiences, leveraging the cloud and Big Data analytics, and digitizing their processes. As a result, applications are now the driver of economic growth, and all enterprises are becoming digital businesses. On average, enterprises are internally developing 2,500 applications a year.

In addition to lower spending on application security, the study also showed that UK companies are more likely to focus their application security programs on only a subset of business-critical apps, rather than the entire application portfolio.

Conversely, US organizations are more likely to issue mandates for enterprise-wide application security assessment programs – making programs at US enterprises, on average, more mature than those at UK enterprises.

When application security programs do not extend beyond business-critical applications, enterprises leave thousands of applications vulnerable. This creates long-term security threats, because cyber-criminals take the path of least resistance into an IT infrastructure, regardless of whether the application is business-critical or a little-used web application.

“Companies are becoming better at securing their networks and endpoints, causing cyber-criminals to focus their efforts on the application layer. As a result, more than half of all successful breaches are attributed to application-layer vulnerabilities,” said Adrian Beck, manager of security program management, EMEA. “Closing the security gap between the number of apps being produced and the number that are assessed for security will help UK companies remain competitive in the new application economy.”

