CSO recently labeled the cybersecurity battle as “a war without end.” Not long after the SolarWinds revelations, we learned that tens of thousands, if not hundreds of thousands, of Microsoft Exchange servers have been compromised. But security and IT practitioners know too well that organizations could better protect themselves with better application security hygiene.

That sentiment came through during a recent #IDGTechtalk Twitter chat on March 11 moderated by @nyike (Isaac Sacolick) and sponsored by @GlobalNTT.

Human error is often part of the problem, if not the cause, when a breach occurs:

Biggest issue with security is people. People who weren’t trained. People who didn’t manage patches effectively. People who didn’t think beyond their organizational boundaries. People who didn’t test their security postures. Arsalan Khan @ArsalanAKhan

But lax procedures often set us up for failures:

...let's not forget that many applications enter the organization without a security/risk review. Need to fix the leaky pipes first. Tim Crawford @tcrawford

We thrive in and are at risk from an app economy. The threat profile expands every time a new app is introduced to an organization or a user’s device:

The @forrester State of Application Security report noted application vulnerabilities will continue to be the most common external attack method. #CIO/#CISO must realize that w/o effective app security, IT investments are at serious risk. Ben Rothke @benrothke

Yes, average business user touches 30+ applications every day. That's a lot of potential threat vectors. Adam Stein @apstein2

Organizations need to look at how aware they are of the application security threat inside their perimeters:

First, you can’t protect what you don’t know about. Starting with a good and detailed inventory of systems and services/apps is the best place to start. This also doesn’t mean immediately remediating…. Assess where the risks are. Such as, if you have a critical system that has to run older software or hardware that may be vulnerable, ensure there are protections and mitigations in place to attempt to prevent exploitation. Amélie E. Koran @webjedi

#IDGTECHtalk A1) IT Teams should determine the top threats & see what safeguards are in place: TOP THREATS typically are: #Phishing attacks, #Ransomware attacks, (RDP) Remote Desktop Protocol attacks, #WiFi #MITM (Man in the middle) #HotSpot attacks. Scott Schober @ScottBVS

Awareness alone isn’t sufficient, though. It’s high time that we all ensure we’re taking the appropriate actions:

Finding vulnerabilities does not make your apps secure. Make sure fixes are actually implemented, by retesting, and also by testing the finished product. There are great resources out there for security & dev teams. Get your teams trained on appsec! WhiteHat Security @whitehatsec

#PatchTuesday used to be a thing. Probably a good idea to bring it back for everyone given the distributed workforce and BYO policies. Adam Stein @apstein2

But are awareness and vigilance sufficient?

I actually think there is more here than training and patching. We've known about those and addressed those for decades. Why is it still an issue then? Tim Crawford @tcrawford

Tension between "must get this new/updated app out the door" and additional time/$ investment to ensure the right security. Joanna Young @jcycio

One of the biggest challenges is the number of applications to manage security. So many different tools and services to manage without having a single pane of glass. It's akin to having to log into multiple streaming services looking for a movie you want to watch. Jason James @itlinchpin

Still, it’s clear there is a continuing need for education and training:

Application security is data security. Demonstrating the impact of the wrong data being stolen, corrupted or deleted through poor application security is key. Demonstrate the risk through financial and image impact. Mark Thiele @mthiele10

Check out the full discussion @idgtechtalk and read about NTT’s approach to intelligent cybersecurity.