Recently, Radware, a provider of network security and application delivery solutions, released its second annual Web Application Security Survey: Radware 2018 Web Application Security Status. The report provides an in-depth analysis of the challenges companies face in securing Web applications and the impact of recent security breaches on these businesses over the past year. In fact, the report shows that most companies (67%) believe that hackers can still invade the corporate network.
The study focused on multinational companies and noted that the frequency and complexity of application-layer attacks are growing. At least 89% of respondents have experienced attacks against web applications or web servers in the past year. In particular, respondents claiming to have experienced encrypted web attacks increased from 12% in 2017 to 50% in 2018. Most respondents (59%) said that there were attacks every day or week.
Carl Herberger, vice president of security solutions at Radware, said: “Although companies are constantly realizing that they have been attacked, they often find data breaches after the information is leaked. In the current changing threat environment, companies are Vigilance is still required when choosing protective measures to cope with the increasing frequency and complexity of attacks.”
Other important findings include:
- High-speed data collection and sharing poses significant risks. Multinational companies will pay close attention to the data they collect and share, and about half of the respondents said that they collect customer data for internal use only and will not share. However, 43% of respondents did share data on user behavior, preferences, and analysis.
- The frequency and complexity of data security breaches are high. Nearly half (46%) of companies have experienced data breaches in the past year, and respondents have found that this type of application-layer attack is the most difficult to detect and mitigate.
- The risk of data breaches is high: after a data breach, 52% of respondents indicated that their customers would claim compensation, 46% said they suffered significant reputational damage, and 35% of respondents experienced customers Loss, 34% of respondents said the stock price fell, 31% of respondents said that customers filed lawsuits against them, and 23% said that executives were dismissed.
- There are more and more vulnerabilities in the API. Although 82% of companies use API gateways to share and/or use data, the data suggests that API-related security measures are not sufficient. In fact, 70% of respondents do not require third-party API authentication, 62% of respondents do not encrypt data sent via the API, and one-third (33%) of respondents allow third parties to perform operations. This opens the door to more threats.
- Frequent application updates introduce new security issues. Now, companies are updating applications more frequently than in previous years. In fact, according to the Radware 2017 survey, 40% of respondents said that companies update their apps at least once a week. This year’s results show that about one-third of app types are updated hourly or daily, and about a quarter of app types are updated weekly. The increase in update frequency has created new problems in how to protect application security in a rapidly changing environment.