‘Radware 2018 State of Web Application Security.’a provider of cybersecurity and application delivery solutions, has released findings from its second annual web application security report,
The report shares an in-depth view of the challenges organisations face in protecting web applications and how recent security breaches have affected them in the past year. In fact, it revealed that most organisations (67%) believe hackers can still penetrate their network.
On behalf of Radware, Merrill Research surveyed 301 executives and IT professionals from across the globe. To participate in Radware’s 2018 State of Application Security research, respondents were required to work for a company with at least 250 million USD/EUR/GBP in revenue and a worldwide scope.
The research focused on global companies and showed a growing frequency and complexity of application-layer attacks. At least 89% of respondents have experienced attacks against web applications or web servers over the past 12 months. In particular, respondents reporting encrypted web attacks increased from 12% in 2017 to 50% in 2018. Most respondents (59%) reported daily or weekly attacks.
“While organisations are recognising they are under attack, often they’re discovering the breach only after pertinent information has been leaked,” said Carl Herberger, vice president of Security Solutions at Radware.
“With today’s evolving threat landscape, organisations still need to be vigilant in equipping themselves to deal with increasing attack frequency and complexity.”
Additional survey findings include:
High rate of data collection and sharing creates massive exposure
Organisations with a global presence keep tabs on the data that they collect and share, with about half of respondents saying they only collect customer data for internal use and do not share it. However, 43% of respondents are specifically sharing data about user behaviour, preferences and analytics.
Data security breaches are high in frequency and complexity
Almost half (46%) of organisations have experienced data security breaches in the last 12 months, and respondents find this type of application layer attack to be the most difficult to both detect and mitigate.
The stakes are high for data breaches
As a result of a data breach, 52% of respondents said their customers asked for compensation, 46% reported major reputation loss, 35% reported customer churn, 34% reported a drop in stock price, 31% reported customers took legal action, and 23% said executives were let go.
APIs are host to increased vulnerabilities
82% of organisations who use API gateways do so to share and/or consume data however, the data indicates inadequate security measures around APIs. In fact, 70% of respondents do not require authentication from third party APIs, 62% do not encrypt data sent by APIs and a third (33%) allow third parties to perform actions, opening the door to additional threats.
Frequent application updates introduce new security concerns
Organisations update applications much more frequently than reported in previous years. In fact, according to Radware’s 2017 survey, 40% of respondents claimed their organisation updates applications at least once per week.
This year’s results show that approximately one third of all application types are updated on an hourly or daily basis, with about a quarter updated weekly. This introduces new concerns about securing applications in a rapidly changing environment.