BOSTON, MA, and BRISTOL, UK — May 13, 2021 — Immersive Labs, the company empowering organizations to measure and improve people’s cyber capabilities, today released a report with Osterman Research outlining the human factors preventing secure application development. The analysis found the vast majority (81%) of development teams had knowingly pushed vulnerable code live, with 20% of senior managers even admitting to doing so ‘often’. The research found low confidence in application security in general, with only half of all CISOs (50%) believing secure applications could be developed and just 44% of all security teams believing their company could withstand a SolarWinds-style attack on their build environment.
The survey of 260 development and security teams in large organizations seeks to understand human issues in the Software Development Lifecycle as part of the launch of a new Immersive Labs product which continually upskills development and engineering teams. These issues include:
- Overworked and under-resourced teams struggle to shift left: Only 39% of security teams have sufficient time and resources to support the required ‘shift left’ to help the development of secure code. Only 54% of security respondents believe developers understand the latest threats to application security.
- A hazardous disconnect exists between front-line developers and their managers: Only 27% of front-line development teams see security as their responsibility, yet 80% of their senior managers believe it is. This shows a worrying disconnect and lack of security culture in the SDLC between the people creating strategy and those at the coal face.
- Information sharing and training lag behind the dynamic attack environment: Only half of security teams offer training to application security teams quarterly or more regularly, which 50% say is still classroom-based. As a result, 45% of development teams feel their understanding of the latest application attacks is lacking.
“Securing applications is perhaps the biggest security issue facing organizations today,” said James Hadley, CEO of Immersive Labs. “As with anything in cybersecurity, doing so is as much a human challenge as it is a technical one. The relationships people have, the stress they are under, the personal development they get and the culture that binds them are as important as any electronic countermeasure. To improve this, information sharing and personal progression through skills development are crucial. At Immersive Labs, we realize this and have put it at the center of a new platform designed to gradually improve the skills of development teams – allowing security to be embedded from the outset.”
More information on the new Immersive Labs for Development and Engineering Teams can be found here.
About Immersive Labs
Immersive Labs is empowering organizations to equip, exercise, and evidence human cyber capabilities. We provide metrics that give security leaders insight into human cyber skills and readiness levels across their organization and improve these through dynamic labs and crisis scenarios that track the threat landscape. Immersive Labs is backed by Goldman Sachs and Summit Partners and our customers include some of the largest companies in financial services, healthcare, and government, amongst others. For more information on Immersive Labs’ offering, please visit www.immersivelabs.com.
13 May 2021