IT Spending is Decreasing

As you know, 2020 has not been a typical year for any of us. Previously, I’ve written about the impact of the global pandemic on IT spending. In a July 2020 report, Gartner, Inc. predicted that worldwide IT spending would decline to $3.5 trillion in 2020, 7.3% lower than in 2019.

Application Vulnerabilities are Increasing

While certain parts of the global economy, such as bars, restaurants and travel, have been slow to recover from the impact of the pandemic, malicious actors have not taken a break.

Here are recent statistics that bear this out:

  • Earlier this year, a research study published in TechRepublic found that e-mail phishing attacks increased by 667% from the end of February 2020 to the end of March 2020.
  • Specifically in the application security space, a separate analysis published in Security Boulevard found that more than 80% of applications experienced a SQL Injection attack in the May/June 2020 timeframe.
  • According to the same report, at least one-third of applications were found to contain at least one serious vulnerability.

Developer Burnout is a “Thing”

Added to the mix is the sheer number of new applications and application updates required to power our hyper-digital world this year. According to a 2019 study reported on by the Wall Street Journal, large companies deploy an average of 129 applications. Yes, that’s right: 129!

In addition to an increasing volume of applications to manage, the following factors have contributed to developer burnout:

  • According to an Octoverse Spotlight blog, developers’ workdays have expanded by an hour per day in the COVID-19 era, during the traditional business week and on weekends.
  • The same research found that nearly all developer activity metrics are up, including pull requests, pushes and issues created per active user.
  • As application volume grows, the number of open-source repositories created has grown with it, by nearly 28% between March 2019 and March 2020.

To recap, here’s what organizations like yours are facing: lower budgets, more vulnerabilities and heavier workloads. How can you address those issues while continuing to combat the cyber-security threats your organization is facing? As always, information, executive buy-in and budgetary funding are good places to start.

Share our Ponemon Institute Report Findings with Your Executive Team

Ponemon Institute released a study in October 2020 titled, “Application Security in the DevOps Environment.” Sponsored by HCL AppScan, the study includes a treasure trove of AppSec- and DevOps-related financial figures that you can use to make the case for application security testing with your executive team. You can access the comprehensive report here.

Here are the key financial findings from the report that you can leverage:

Average Total Economic Losses from Attacks Against Vulnerable Applications

In the past 12 months, organizations represented in Ponemon’s research incurred an average cost of $12 million as a result of attacks against their vulnerable applications. In other words, the cost is roughly $1 million a month, and is likely to run even higher for companies without effective application security testing programs.

Total Economic Losses: Worst-Case Scenario

Some of the organizations included in the study incurred unbelievable total economic losses that exceeded $100 million as a result of attacks against their vulnerable applications. To put the $100 million figure into perspective, it is the estimated cost to build 13 miles of interstate freeway, according to estimates provided to ToughNickel by the Florida Department of Transportation. If that figure doesn’t capture your executives’ attention, then nothing will!

Average IT, AppSec and DevOps Budgets

According to respondents, their average organizational IT budget totaled $99.6 million. On average, 25% of organizations’ current-year IT budgets will go toward application security activities, and another 20% will go toward DevOps activities.

Security Budget and Investment Drivers

Fifty-one percent of respondents stated that Return on Investment (ROI) generation is an important driver for their organizations’ security budget and investment decisions. Only 29% stated that reducing Total Cost of Ownership (TCO) was a key driver.

Barriers to Success

Forty-one percent of respondents stated that insufficient budgets prevented their application security programs from being effective.

For additional strategic and financial trends in AppSec and DevOps, our comprehensive report can be accessed here.

To Learn More

Please listen to our webinar, where Larry Ponemon from Ponemon Institute and Eitan Worcel from HCL AppScan comprehensively analyze the study’s results.

 

 
