Security and development teams are groaning under the strain of securing organizations, according to a report released this week.
The report, released by web application security tools company Invicti Security, found 78% of respondents reported increased stress levels over the last year. One in five DevOps and security professionals have considered quitting their jobs due to these pressures.
The report blames the problem on a backlog of security tasks, caused in part by a cyber security skills shortage. It says that the average IT team member would need a two-week break from their regular work just to catch up with what it calls 'security debt'.
The report, which surveyed 600 executives and hands-on practitioners across security, development and DevOps roles, found that the heavy workload had an effect on the security process. 70% of respondents frequently or always skipped security steps when delivering projects, it said.
A lack of security in the software development lifecycle isn't helping. Almost half of all developers said that application security testing is completely separate from development, with only one in five reporting that they have fully integrated it into the development process. The result is less secure software, with one in three security issues making it through the development and testing stage to production.
A lack of focus on post-deployment application scanning exacerbates the problem, as professionals fail to allocate enough resources to it, the report said. Only seven in ten of those that fully adopted security in the software development phase regularly scanned more than three quarters of their applications for vulnerabilities and then remediate them.
RELATED RESOURCE
The truth about cyber security training
Stop ticking boxes. Start delivering real change.
Security professionals want more automation to help lighten the load. One in six of them said that their companies do not have enough automation in place to test and remediate security issues.
That's due in part to a lack of trust in the tools. Only half of the respondents were confident enough in the accuracy of their vulnerability scanning software, prompting almost four in five to manually verify results. Each verification takes around an hour.
Invicti recommends better training for developers and security teams, paying more attention to post-deployment vulnerability scanning, and automating manual tasks where possible. Machine learning is also making tools more aware of vulnerability context, it concluded.
-
Should AI PCs be part of your next hardware refresh?AI PCs are fast becoming a business staple and a surefire way to future-proof your business
-
Westcon-Comstor and Vectra AI launch brace of new channel initiativesNews Westcon-Comstor and Vectra AI have announced the launch of two new channel growth initiatives focused on the managed security service provider (MSSP) space and AWS Marketplace.
-
Walking the line: GitOps and Shift Left securityWhitepaper Scalable, developer-centric supply chain security solutions
-
“Full speed ahead” mentality in cloud native space causing security headachesNews Red Hat says the rapid development of cloud native technologies means that security issues could go unnoticed
-
IBM LinuxONE for dummiesWhitepaper Secure your data, build an open hybrid cloud environment, and realise the cost benefits of consolidation
-
Bridging the DevSecOps divide: Spotlight on zero trustWhitepaper Security at the forefront
-
GitLab patches API flaw that exposed private group dataNews GitLab private projects that were formerly public could have been accessed through search APIs
-
What is DevSecOps and why is it important?In-depth This new flavour of DevOps is helping organisations rapidly implement security by design
-
The journey of security in a DevOps environmentWhitepaper “Shift left” to fit security into the DevOps environment
-
GitHub now warns you about flaws affecting your Python codeNews Code repository will also offer admins fixes from the developer community
