Specialists Spend a Lot of Time Fixing Security Flaws that Could Have Been Prevented
New Study Shows that it Takes Specialists Over Five Hours to Fix Vulnerabilities Found during the App Development Process.
Security flaws frequently appear during the software development process and then reappear after an application has been deployed. The upsetting part is that, with suitable approaches and techniques, many of these vulnerabilities could have been discovered and fixed earlier.
Invicti, a web application security company, published a report this week that analyzes the time and resources invested in identifying security vulnerabilities in developed applications.
The report, titled “State of the DevSecOps Professional: At Work and off the Clock”, was put together by Invicti and Wakefield Research. For it, 500 cybersecurity specialists and software developers holding positions at Director level or above were surveyed. The survey participants were all from organizations with 2,000 or more employees in the United States.
The Stressful Part
According to the survey, 41% of cybersecurity experts and 32% of devs spend approximately five hours per workday dealing with security flaws that should not have happened in the first place.
Having to address these flaws, particularly amid the so-called Great Resignation and the fear of upcoming cyberattacks, can rapidly result in overwork and pressure among cybersecurity specialists.
Some 81% of the participants stated that support tickets have a bad habit of showing up at the end of the day. A third of the polled individuals said they’ve had to cancel personal plans because of workplace security issues. Furthermore, half of them said they had to log in on a weekend or on their own time to fix issues.
The Bright Side
Despite the stress, many of the respondents mentioned some aspects of their jobs that they liked.
First, some 65% of the respondents noted they think they saved their organizations at least $1 million in the last year by stopping data breaches.
Then, a whopping 95% stated that digital transformation and the shift to a remote workforce have increased the value and quality of their jobs.
In addition, 49% of the security pros and developers said they are friendly with their counterparts in security or development, an increase from last year’s observations.
Nonetheless, the frequent appearance of security flaws and problems shows the necessity for improvement in the application development process.
Invicti chief product officer Sonali Shah declared:
Security is everyone’s job now, and so disconnects between security and development often cause unnecessary delays and manual work.
Organizations can ease stressful overwork and related problems for security and DevOps teams by ensuring that security is built into the software development lifecycle, or SDLC, and is not an afterthought.
Application security scanning should be automated both while the software is being developed and once it is in production. By using tools that offer short scan times, accurate findings prioritized by contextualized risk and integrations into development workflows, organizations can shift security left and right while efficiently delivering secure code.
When it comes to software development, Shah believes that innovation and security do not have to compete. Instead, they’re inextricably connected.
When you have a proper security strategy in place, DevOps teams are empowered to build security into the very architecture of application design. By building security into the SDLC and investing in tools that automate everything with accuracy to reduce manual work, organizations have more room for innovation and can eliminate friction between security and development.
Once again, we are reminded that mitigation is no longer sufficient. Most businesses take either an active or a reactive approach to cybersecurity, meaning they are prepared to do certain things if an attack occurs. Organizations everywhere need to start considering a proactive cybersecurity strategy, which is about taking action before an attack takes place.
How Can Heimdal™ Help?
When it comes to being proactive about your cybersecurity strategy, Heimdal has the right solutions for you.
Protect your company with Heimdal Threat Prevention, a DNS traffic filtering tool that identifies emergent and hidden threats. Threat prevention is critical to your organization’s cybersecurity because it is an efficient approach to building numerous levels of proactive defense.
Heimdal’s security suite encompasses many more efficient products focused on different areas like ransomware encryption protection, patch management, and email security.
If you’re ready to take your digital defense to the next level, you can always contact us or book a demo to schedule a free consultation with one of our security specialists.