source link: https://www.itwire.com/security/global-organisations-%E2%80%98struggle%E2%80%99-to-maintain-consistent-application-security,-claims-radware.html

Friday, 22 January 2021 12:20

Global organisations ‘struggle’ to maintain consistent application security, claims Radware

By Peter Dinham

Global organisations are struggling to maintain consistent application security across multiple platforms, and they are also losing visibility with the emergence of new architectures and the adoption of application program interfaces (APIs), according to one security solutions vendor.

According to Radware in its 2020-2021 State of Web Application Security Report, a major factor in these “challenges” faced by global organisations was the need to adjust rapidly to a new remote working and customer engagement model that resulted from the pandemic, “leaving decision makers little or no time to conduct adequate security planning”.

“With more than 70% of respondents reporting that their production apps have already left the data centre, ensuring the security and integrity of these data and applications is becoming more challenging, particularly in multi-cloud environments,” said Gabi Malka, Chief Operating Officer for Radware.

“This migration, in combination with an increased reliance on APIs and the addition of unsecured mobile apps, has been a boon to criminals, leaving them ahead on the cyber security curve. While respondents who have already moved to the public cloud and have several apps exposed to APIs seem to understand the risks, those that haven’t seem perilously complacent.”

Radware lists a number of specific findings in the report including:

APIs are the next big threat

There is a growing reliance on web-enabled applications in the form of APIs. APIs process a wide variety of sensitive data types, such as user credentials, payment information and social security numbers. API abuses are expected to become the most frequent attack vector. As such, API security is the most critical hole enterprises should patch in 2021.

Nearly 40% of organisations surveyed reported that more than half of their applications are exposed to the internet or third-party services via APIs. Some 55% of organisations experience a DoS attack against their APIs at least monthly, 49% experience some form of injection attack at least monthly, and 42% experience an element/attribute manipulation at least monthly.

Enterprises unprepared for bot traffic

Bot management is also a major concern because enterprises are not prepared to manage bot traffic properly. While web application firewalls offer important defensive capabilities to detect and prevent attacks against APIs and the like, bot management tools offer a robust defence against sophisticated bot attacks. And they give security teams a better grasp on dealing with a variety of threats and attacks.

The report revealed that only 24% of organisations have a dedicated solution to distinguish between a real user and a bot. Moreover, only 39% of those surveyed have confidence in their understanding of what’s going on with sophisticated bad bots.

Mobile apps far less secure

Mobile apps played a critical role during 2020 as most information workers were shifted to at-home work, and as most use mobile apps for entertainment, social interaction, education, and shopping. However, mobile app development is highly insecure. This is true, in part, because mobile apps are more commonly developed by third parties.

This research found that only 36% of mobile apps have security fully integrated, and a large proportion have either minimal or no security (22%). As a result, until mobile app security is treated seriously, we expect to see more – and more serious – incidents that use the mobile channel for attacks. That in turn will likely put more pressure on enterprises to secure mobile apps and not leave consumer data exposed to hackers.

Security staff are not the prime decision-makers

Despite the threats outlined in the report, security is not a first priority in application development practices. In approximately 90% of surveyed organisations, security staff are not the prime influencer on application development architecture or the budget.

Some 43% of companies surveyed said security should not interrupt the end-to-end automation of the release cycle. This creates a situation in which the very people responsible for security have little control over how apps are developed.

DDoS attacks aren’t going away

The most common bot attack is denial-of-service, taking different shapes. Some 86% said they have experienced such an attack, with a third of them reporting weekly occurrences and 5% seeing them daily.

Denial-of-service at the application layer is frequently in the form of HTTP/S floods. Nearly 60% of organisations experience an HTTP flood at least once per month.
