Top 5 Reasons Why You Need an AppSec Program

Enterprises are increasingly falling victim to cyberattacks through the application layer. In fact, the U.S. Department of Homeland Security recently reported that 90% of security incidents result from exploits against defects in software. And these breaches are doing significant damage. From cleanup costs to lost customers, the expenses after a breach add up quickly. Specifically, the Verizon Data Breach Investigations Report found that the cost of a data breach involving 10 million records will fall between $2.1 million and $5.2 million.
This trend is definitely troubling for security professionals. According to the biennial Global Information Security Workforce Study published by the International Information Systems Security Certification Consortium (ISC)², application vulnerabilities continue to top security professionals' list of worries. However, the concerns have not translated into adopting secure development practices. The same study found that 30 percent of companies never scanned for vulnerabilities during code development.
The reasons behind the lag in application security adoption vary, but most stem from misconceptions about the cost and complexity involved. Whatever the reasons, the bottom line is that the risk of an app-layer breach is high, and you need to implement an application security program to protect your organization.

Published in: Software

  1. Top 5 Reasons Why You Need an AppSec Program. Veracode Gbook.
  2. Introduction. Hardly a day goes by without a news story about a major data breach. And most of these breaches stem from vulnerabilities in applications. Yet, most companies are not investing in application security. A variety of misconceptions lead to the lag in appsec adoption, but the reality is: you need an appsec program. The following are the top 5 reasons why…
  3. Top 5 reasons why you need an appsec program: (1) Software is critical to your business. (2) Most apps are hackable. (3) Apps are the top attack vector. (4) You’re not immune if you don’t develop your own software. (5) If you get breached, you will pay.
  4. Reason #1: Software is critical to your business. You’re a software company, whether you know it or not. The world now runs on applications. Every company uses applications to make business decisions, and to interact with business partners. Even GE now considers itself a software company. With this increased reliance on software, application quality now impacts your bottom line. “On our current trajectory, GE is on track to be a top 10 software company.” Jeffrey R. Immelt, CEO, General Electric
  5. Reason #2: Most apps are hackable. Veracode’s State of Software Security Report revealed that about 70 percent of all applications had at least one vulnerability classified as one of the top 10 web vulnerability types.
  6. Reason #3: Apps are the top attack vector. In fact, Web and mobile applications account for more than a third of data breaches. Attacks at the application layer are growing by more than 25% annually. “From Q1 to Q2 2015, there was a 17.65 percent increase in DDoS attacks targeting the application layer.” Akamai’s Q2 2015 “State of the Internet Security Report”. Web + mobile: 33%. Sources: 2014 Verizon Data Breach Investigations Report; Q3 2015 State of the Internet Security Report, Akamai, Dec. 8, 2015.
  7. 39% of the costs associated with information loss due to business disruption, including lost employee productivity and outright failures. Q3 2015 State of the Internet Security Report, Akamai, Dec. 8, 2015. $7.7 million per company is the average annual loss worldwide due to cybercrime. 2015 Ponemon Institute Cost of Cyber Crime Study: Global. A typical $500 million-plus enterprise has developed more than 3,079 applications, according to “2014 State of the CIO,” CIO Magazine.
  8. Why are apps the top attack vector? Because hackers know we’re sloppy about securing them. Enterprises have spent billions of dollars securing the network, perimeter and hardware at their organizations, but have yet to invest sufficiently in securing their applications. At the same time, these enterprises are building, buying and downloading applications at a breakneck pace and in record numbers. 79% 28% Of enterprise applications are never assessed for vulnerabilities (according to IDC). Of developers either have no process or an ineffective ad hoc process for building security into applications (according to Ponemon). Of organizations don’t even know how many applications they have (according to SANS). 63%
  9. Reason #4: You’re not immune if you don’t develop your own software. Cyberattackers are looking for the path of least resistance into your organization, and that path is increasingly through less-critical and third-party applications. 65 percent of a typical enterprise application portfolio comes from third parties, yet 90 percent of third-party code does not comply with enterprise security standards such as the OWASP Top 10. According to Quocirca and Veracode’s report, State of Software Security, Enterprise Testing of Software Supply Chain.
  10. A scary example… JPMorgan Chase was breached through a third-party app promoting its charitable road race. The breach led to records stolen from 76 million households and 7 million businesses. Your application security program should include third-party software, and hold it to the same security standards as internally developed software.
  11. You’re not off the hook if you don’t develop your software from scratch either. Remember Heartbleed? That headache stemmed from a vulnerability in OpenSSL, a common component used in applications to encrypt data in transport. Community Health lost more than 4 million patient records thanks to a breach due to the Heartbleed vulnerability. Things to consider: (1) Components make development easier… and riskier. (2) Your organization doesn’t own the code and can’t update it if a vulnerability is found. (3) You need an application security program that tracks the use of components and outlines acceptable ways to use them.
  12. Reason #5: If you get breached, you will pay. The Verizon 2015 Data Breach Investigations Report found that data breaches cost businesses around the world $400 million. Don’t underestimate the cost of a breach. Cost of a breach. Lost revenue: This might result from stolen corporate data, lowered sales volumes (if consumers get scared) or falling stock prices. Money spent on investigation and cleanup: A recent joint Veracode/Centre for Economics and Business Research (Cebr) report found that cyberattacks cost UK firms £34 billion in revenue losses and subsequent increased IT spending.
  13. You’ll also feel the cost of a breach in… Cost of downtime: A recent Information Age article estimated that every hour of downtime costs businesses $100,000. Brand damage: The long-term reputation damage associated with security breaches can be substantial and lead to intangible costs or loss of business.
  14. The end goal for any organization should be a mature, robust application security program that: assesses every application, whether built in-house, purchased or compiled; enables developers to find and fix vulnerabilities while they are coding; takes advantage of automation and cloud-based services to more easily incorporate security into the development process and scale the program. Love to learn about application security? Get all the latest news, tips and articles delivered right to your inbox.
