The research focused on global companies and showed a growing frequency and complexity of application-layer attacks. At least 89% of respondents have experienced attacks against web applications or web servers over the past 12 months. In particular, respondents reporting encrypted web attacks increased from 12% in 2017 to 50% in 2018. Most respondents (59%) reported daily or weekly attacks.
“While organisations are recognising they are under attack, often they’re discovering the breach only after pertinent information has been leaked,” said Carl Herberger, Vice President of Security Solutions at Radware. “With today’s evolving threat landscape, organisations still need to be vigilant in equipping themselves to deal with increasing attack frequency and complexity.”
Additional key survey findings include:
- High rate of data collection and sharing creates massive exposure. Organisations with a global presence keep tabs on the data that they collect and share, with about half of respondents saying they only collect customer data for internal use and do not share it. However, 43% of respondents are specifically sharing data about user behaviour, preferences and analytics.
- Data security breaches are high in frequency and complexity. Almost half (46%) of organisations have experienced data security breaches in the last 12 months, and respondents find this type of application layer attack to be the most difficult to both detect and mitigate.
- The stakes are high for data breaches: As a result of a data breach, 52% of respondents said their customers asked for compensation, 46% reported major reputation loss, 35% reported customer churn, 34% reported a drop in stock price, 31% reported customers took legal action, and 23% said executives were let go.
- APIs are host to increased vulnerabilities. 82% of organisations who use API gateways do so to share and/or consume data however, the data indicates inadequate security measures around APIs. In fact, 70% of respondents do not require authentication from third party APIs, 62% do not encrypt data sent by APIs and a third (33%) allow third parties to perform actions, opening the door to additional threats.
- Frequent application updates introduce new security concerns. Organisations update applications much more frequently than reported in previous years. In fact, according to Radware’s 2017 survey, 40% of respondents claimed their organisation updates applications at least once per week. This year’s results show that approximately one third of all application types are updated on an hourly or daily basis, with about a quarter updated weekly. This increase introduces new concerns about securing applications in a rapidly changing environment.