IoT, connected devices biggest contributors to expanding application attack surface

New report shines light on application security challenges impacting global businesses.

Growth in the internet of things (IoT) and connected devices is the biggest contributing factor to organisations’ expanding attack surfaces.

That’s according to a new report from Cisco AppDynamics, which revealed that 89 per cent of global IT professionals believe their organisation has experienced an expansion in its attack surface over the last two years.

The Shift to a Security Approach for the Full Application Stack report surveyed 1,150 IT professionals in organisations across a range of sectors and international markets to outline the current application security challenges impacting IT departments.

Businesses face significant application security risks in 2023

Along with IoT and connected device growth, rapid cloud adoption, accelerated digital transformation, and new hybrid working models have also significantly expanded the attack surface, the report noted.

Microservice-based application architectures and DevOps methodologies are playing a notable role too, exposing applications to new vulnerabilities, it added. These factors will affect the application security challenges businesses face in 2023, with 78 per cent of respondents stating their organisation’s full application stack could be vulnerable to attack over the next 12 months.

The top six application security challenges for 2023 detailed in the report are:

  • Lack of visibility into attack surfaces and vulnerabilities
  • Difficulty prioritising threats based on severity, impact, and business context
  • Discovery and protection of sensitive data
  • Issues keeping up with a rapidly changing application security landscape
  • Challenges balancing speed, application performance and security
  • Volume of security threats and alerts

Inefficient visibility and contextualisation of application security risks leave organisations in “security limbo” because they don’t know what to focus on and prioritise, 58 per cent of respondents said.

“IT teams are being bombarded with security alerts from across the application stack, but they simply can’t cut through the data noise,” the report read.

“It’s almost impossible to understand the risk level of security issues in order to prioritise remediation based on business impact. As a result, technologists are feeling overwhelmed by new security vulnerabilities and threats.”

Lack of collaboration and understanding between IT operations teams and security teams is having several negative effects too, the report found, including increased vulnerability to security threats and blind spots, difficulties balancing speed, performance and security priorities, and slow reaction times when addressing security incidents.

Tellingly, 55 per cent of technologists said they consider security to be more of an inhibitor than an enabler of innovation within their organisations.

Technology, culture shifts key to achieving DevSecOps

DevSecOps is key to addressing the application security risks modern businesses face, but the shift to a DevSecOps approach requires both technological and cultural change, the report stated.

Increased automation to detect and block security issues is an avenue most respondents are exploring, but the report also exposed a need for ITOps/developer teams to become more aware of and knowledgeable about security, and for security professionals to gain a deeper understanding of application development and factors that affect performance.

One approach experts think can assist organisations in this area is to tailor security training to developers to help tackle risks.

This involves replacing outdated security education with awareness training that is more engaging and relevant for developers to better impart the knowledge required to match the threat landscape and dynamic technology fundamentals of application security.
