Radware released findings from its second annual web application security report, Radware 2018 State of Web Application Security. The report shares an in-depth view of the challenges organizations face in protecting web applications and how recent security breaches have affected them in the past year. In fact, it revealed that 67% of organizations believe hackers can still penetrate their network.
The research focused on global companies and showed a growing frequency and complexity of application-layer attacks. At least 89% of respondents have experienced attacks against web applications or web servers of the past 12 months. In particular, respondents reporting of encrypted web attacks increased from 12% in 2017 to 50% in 2018. Most respondents (59%) reported daily or weekly attacks.
“While organizations are recognizing they are under attack, often they’re discovering the breach only after pertinent information has been leaked,” said Carl Herberger, VP of Security Solutions at Radware. “With today’s evolving threat landscape, organizations still need to be vigilant in equipping themselves to deal with increasing attack frequency and complexity.”
High rate of data collection and sharing creates massive exposure
Organizations with a global presence keep tabs on the data that they collect and share, with about half of respondents saying they only collect customer data for internal use and do not share it. However, 43% of respondents are specifically sharing data about user behavior, preferences and analytics.
Data security breaches are high in frequency and complexity
Almost half (46%) of organizations have experienced data security breaches in the last 12 months, and respondents find this type of application layer attack to be the most difficult to both detect and mitigate.
The stakes are high for data breaches
As a result of a data breach, 52% of respondents said their customers asked for compensation, 46% reported major reputation loss, 35% reported customer churn, 34% reported a drop in stock price, 31% reported customers took legal action, and 23% said executives were let go.
APIs are host to increased vulnerabilities
With 82% of organizations who use API gateways do so to share and/or consume data however, the data indicates inadequate security measures around APIs. In fact, 70% of respondents do not require authentication from third party APIs, 62% do not encrypt data sent by APIs and a third (33%) allow third parties to perform actions, opening the door to additional threats.
Frequent application updates introduce new security concerns
Organizations update applications much more frequently than reported in previous years. In fact, according to Radware’s 2017 survey, 40% of respondents claimed their organization updates applications at least once per week. This year’s results show that approximately one third of all application types are updated on an hourly or daily basis, with about a quarter updated weekly. This increase introduces new concerns about securing applications in a rapidly changing environment.