Large enterprises face problems with unsecured applications
A new survey of more than 200 CISOs in the US and Canada finds that large enterprises typically operate 1,300 or more complex applications but only protect 60 percent of them, leaving more than 500 applications unprotected at a time where adversarial attacks are increasing.
Nearly four out of five organizations have adopted DevOps, and more than four out of five are planning to integrate cybersecurity processes and controls in the continuous integration and continuous delivery (CI/CD) processes.
"The scope of cybersecurity continues to expand as attackers and defenders develop new strategies and tactics in response to the ongoing broad adoption of the cloud and mobile," says Doug Cahill, senior analyst at ESG. "As attack surfaces expand and adversaries gain additional opportunities for penetration, security leaders are looking to crowdsourced security platforms, like Bugcrowd, that can effectively scale in the same continuous nature as the development process."
CISOs are keen to adopt the benefits of crowdsourced security, with almost 90 percent of companies surveyed already running, planning to run in the next 12 months, or interested in running a crowdsourced security program.
The top benefits of crowdsourced cybersecurity are seen as paying for valid results rather than effort or time (44 percent), reflecting a strong ROI value proposition, and the continuous coverage of applications (42 percent). 60 percent also see room to add a continuous crowdsourced security penetration testing program to their traditional point-in-time testing efforts.
"The increasing number of unfilled cybersecurity jobs and the pressure to bring products to market faster have contributed to the growing and under-defended attack surface," says David Baker, chief security officer at Bugcrowd. "Our latest survey with ESG underscores how crowdsourced cybersecurity is quickly becoming a foundational element of any organization's cybersecurity program."
The full report is available from the Bugcrowd site.