According to a new report by the security firm Cycode, security professionals are more concerned about software supply chain security blind spots than about generative AI. The vendor surveyed 500 enterprise security professionals in the US, 78 percent of whom stated that today's application security (AppSec) attack surfaces are unmanageable.
According to the ASPM report, tools and crowded tool stacks are important contributors to the software supply chain security challenges organizations face, while overwhelmed security and development teams are not working well together to overcome problems.
Software supply chain security is a major issue for organizations in at-risk areas. In May, Juniper Research predicted that the cost of software supply chain attacks alone may exceed US$46 billion, with the damage attributable to software supply chain attacks expected to reach approximately $81 billion by 2026. The recent 3CX hack is a prime example of the risk posed by cascading software supply chain compromises.
Software supply chain security is the biggest concern
Software supply chain blind spots were cited as the biggest security concern by 72 percent of those surveyed, just pipping generative AI, which was cited by 71 percent. Open source components, cloud and containers, and CI/CD pipeline blind spots were the next most flagged security concerns, each at 69 percent. The fact that security professionals are more concerned about software supply chain risks than about generative AI threats is telling, given that the technology's impact on cybersecurity is in the headlines.
In August, research by Deep Instinct showed that threat actors' use of generative AI has driven a significant increase in attacks around the world over the last year, while Google recently warned that generative AI and large language models (LLMs) will be used by cybercriminals to enhance the effectiveness and scale of social engineering attacks in 2024.
Security professionals suffering from alert fatigue
According to the Cycode report, security professionals are overwhelmed by the influx of alerts generated by their many application security tools, with 75 percent struggling with the complexity of managing multiple tools. This is causing alert fatigue, which can significantly affect and delay responses to important alerts. Seventy-six percent of the security professionals in the survey said that managing all alerts is challenging, and 81 percent said that their developer teams are experiencing too much vulnerability noise and alert fatigue.
One-twenty-one percent of the surveyed security professionals find it challenging to know which vulnerabilities to fix first, while 83 percent are not always able to scale the process of getting to the vulnerabilities at the right time. What is more, 80 percent of the respondents whose developer teams are experiencing too much noise and alert fatigue also feel that their developer teams are not fixing all the vulnerabilities as a result.
Major disconnect between security and development teams
The data also highlighted a major disconnect between security and development teams. Eighty-eight percent of the respondents stated that responsibility for application security within their organization extends across several groups, each with its own tools. Consequently, 77 percent find it a challenge to understand who "owns" security. Almost all of those surveyed (90 percent) said that the relationship between security and developers needs to improve.
IDC senior research analyst Katie Norton commented, "With most of the findings of the Cycode report, we listen to what we are seeing in the market, starting with the significance of software supply chain safety. Our 2023 DevSecOps adoption, techniques and equipment survey recognized a weak software supply chain as a top application security difference. Our IDC research also found that companies struggle with developers and safety missing and have promoted coordination."