The growth of the internet of things (IoT) and connected devices are the biggest contributing factors to organizations\u2019 expanding attack surfaces. That\u2019s according to a new report from Cisco AppDynamics, which revealed that 89% of global IT professionals believe their organization has experienced an expansion in its attack surface over the last two years. The Shift to a Security Approach for the Full Application Stack report surveyed 1,150 IT professionals in organizations across a range of sectors and international markets to outline the current application security challenges impacting IT departments.Businesses face significant application security risks in 2023Along with IoT and connected device growth, rapid cloud adoption, accelerated digital transformation, and new hybrid working models have also significantly expanded the attack surface, the report noted. Microservice-based application architectures and DevOps methodologies are playing a notable role too, exposing applications to new vulnerabilities, it added. These factors will affect the application security challenges businesses face in 2023, with 78% of respondents stating their organization\u2019s full application stack could be vulnerable to attack over the next 12 months.The top six application security challenges detailed in the report in 2023 are:Lack of visibility into attack surfaces and vulnerabilitiesDifficulty prioritizing threats based on severity, impact, and business contextDiscovery and protection of sensitive dataIssues keeping up with a rapidly changing application security landscapeChallenges balancing speed, application performance and securityVolume of security threats and alertsInefficient visibility and contextualization of application security risks leave organizations in \u201csecurity limbo\u201d because they don\u2019t know what to focus on and prioritize, 58% of respondents said. \u201cIT teams are being bombarded with security alerts from across the application stack, but they simply can\u2019t cut through the data noise,\u201d the report read. \u201cIt\u2019s almost impossible to understand the risk level of security issues in order to prioritize remediation based on business impact. As a result, technologists are feeling overwhelmed by new security vulnerabilities and threats.\u201dLack of collaboration and understanding between IT operations teams and security teams is having several negative effects too, the report found, including increased vulnerability to security threats and blind spots, difficulties balancing speed, performance and security priorities, and slow reaction times when addressing security incidents. Tellingly, 55% of technologists said they consider security to be more of an inhibitor than an enabler of innovation within their organizations.Technology, culture shifts key to achieving DevSecOpsDevSecOps is key to addressing the application security risks modern businesses face, but the shift to a DevSecOps approach requires both technological and cultural change, the report stated. Increased automation to detect and block security issues is an avenue most respondents are exploring, but the report also exposed a need for ITOps\/developer teams to become more aware of and knowledgeable about security, and for security professionals to gain a deeper understanding of application development and factors that affect performance.One approach experts think can assist organizations in this area is to tailor security training to developers to help tackle risks. This involves replacing outdated security education with awareness training that is more engaging and relevant for developers to better impart the knowledge required to match the threat landscape and dynamic technology fundamentals of application security.