How organizations are arming themselves to combat threats

Reblaze announced the results of a Global Surveyz survey of 300 security professionals, to better understand how organizations are approaching web security as we enter a new year. The research focused on the greatest threats organizations faced in 2021, and their strategies for 2022.

“The number and types of cyber threats we detect today is unprecedented in terms of both scale and sophistication,” said Ziv Oren, CEO of Reblaze. “Unfortunately, it seems that many organizations have fallen behind in maintaining effective defenses. For example, although attack bots are used in multiple types of cyberattacks, half of the security professionals that were surveyed admitted that they didn’t know the extent of bot activity in their applications, and of the remaining respondents, most of them underestimated the scope of the threat.

“Clearly, organizations that can’t fully detect hostile activity also cannot block it. The good news is that most of the respondents also have plans to modernize their security tools and strategies, with strong growth predicted across several technology categories, especially in cloud-based security that’s built on high visibility capabilities and machine learning and AI.”

Last year’s greatest threats, and the strategies for 2022

The most common attack of 2021 was DDoS: DDoS was the most common attack in 2021, with 50% of respondents reporting DDoS attempts. For most regions, SQL injection was next at 38%, and ransomware was the third most common attack at 29%. However, in the US there is a more severe ransomware problem, and 40% of the US respondents were targeted by ransomware attacks in 2021.

Cloud-based security is growing: Companies have embraced cloud-based security technologies with 64% of respondents reporting they now use a native WAF from their cloud provider, while third-party WAFs and Unified Solutions are also popular, at 41% and 24% respectively. This reliance is growing, as 59% of respondents plan to adopt more cloud security solutions in 2022.

Non-traditional security technologies are becoming important: Seventy-two percent of companies consider it very important to secure the OWASP Top 10 vulnerabilities — most of which are longstanding issues within web security. However, companies are also seeking other new types of defenses. Ninety-nine percent of respondents consider Adaptive Protection to be important, followed by API security at 98%.

Most companies have inadequate defenses against hostile bots: Modern attack bots have become quite sophisticated, and for most security solutions that lack proper visibility, are difficult to detect. While 50% of respondents have no idea about the percentage of hostile bots in their traffic, the other half think they know, but tend to radically underestimate the number, at an average of 6.2%. In reality, the percentage of hostile bots across web traffic is closer to 26%.

The fastest-growing security technologies are bot solutions and unified solutions: With so many companies unable to accurately ascertain the composition of incoming traffic, it’s no surprise that the security technology with the highest expected growth rate is dedicated bot solutions. Various sizes of companies report increased usage of between 133% and 214% in 2022 over their current rates. The second-highest growth item is Unified Solutions — all-in-one platforms that include a variety of tools — where companies expect usage rates of up to 150% over 2021 levels.