Customer-facing web applications present the highest security risk to organisations according to 36 per cent of businesses surveyed in new research by Synopsys Software Integrity Group.
Furthermore, 43 per cent claim to have an established process for inventorying and managing open source software, 30 per cent claim they do not, and 27 per cent claim they do not use open source at all.
“It is not surprising that web and mobile applications continue to pose such a major challenge to businesses in the Asia Pacific region, as they often process highly sensitive information and cyber-attacks targeting them are growing in sophistication,” said Geok Cheng Tan, managing director of Asia Pacific at Synopsys Software Integrity Group.
“With an escalating number of cyber security incidents large and small, it is increasingly clear that software development life cycles (SDLC) have to be not about pushing software quickly to market, but building software quickly and securely.”
Findings further revealed that 26 per cent of respondents saw internal-facing web applications as a significant security risk, while 25 per cent reported mobile applications as their biggest security challenge.
However, the survey found that 71 per cent of respondents had an incident response plan in place in the event of a security incident, an increase over 66 per cent in 2017.
Worryingly, 13 per cent said they do not have an incident response plan in place, while 16 per cent said that they were unsure.
The survey covered a broad spectrum of security-related areas, including cyber security and incident response strategies, types of applications at risk, availability of skilled cyber security personnel at the workplace, training and development, and open source adoption approaches.
Desktop applications (26 per cent) and embedded and IoT systems (16 per cent) were also seen as areas presenting a heightened security risk.
Unsurprisingly, the majority (56 per cent) reported the lack of skilled security personnel or training as one of the biggest challenges in implementing an application security program.
Furthermore, 18 per cent of respondents said little or no budget is available, while 17 per cent identified lack of management buy-in as the biggest challenge.
However, 83 per cent of respondents reported receiving some form of cyber security training (mandatory or ad hoc), underlining the importance of training to help organisations protect against threats.