CA Southern Africa has announced that Veracode, Inc., a leader in securing the world’s software, and acquired by CA Technologies, has released new research revealing the widening gap between software creation and software security, with the rush to innovate outpacing the urgency to secure the process.
The Securing the Digital Economy report highlights how investment in digital transformation is rapidly accelerating, with around one in five business leaders indicating that their software budget had increased 50% or more over the past three years to support digital transformation projects.
However, the increased software development investment has not translated to greater security budgets or awareness of the security risks insecure software introduces: only 50% of business leaders surveyed understand the risk that vulnerable software poses to their business.
The report indicates that many business leaders report that they do not understand these commom cybersecurity threats:
- Vulnerable software
- Vulnerable open source components
- Phishing attacks
- Malicious employee activity
- DDoS attacks
The lack of understanding around cyber risk may be attributed in part to a lack of awareness of successful cyberattacks and their causes. Because business leaders are unaware of either the breaches themselves or the underlying causes, they are not compelled to learn about or defend against similar threats their company could face. For example:
We are seeing some shift in awareness, of the 33% who indicated that a cyberattack on another company had led their business to rethink its approach to cybersecurity, many have either taken steps to improve their software security or plan to over the next 12 months.
While there may be some shift in awareness, not all business leaders have woken up to the risks of the evolving cyber threat landscape. One-third of business leaders surveyed revealed that they plan to take no new steps to improve their organisations’ overall cybersecurity in the next 12 months.
“Digital transformation presents both massive opportunity to innovate and significant security risks, with 77% of applications having at least one vulnerability when first scanned, which could be exploited to inject ransomware or steal data,” said Jaco Greyling, Chief Technology Officer, DevOps solutions, CA Southern Africa.
“Many business leaders have yet to fully grasp the most common cyber threats to their business, nor are they keeping up with some of the most catastrophic cyber events of our time. We need to bridge this disconnect between business leaders and the cybersecurity threat: without greater awareness of the threats and what is needed to defend against them, their company could easily be the next headline.”