Radware study reveals large increase in encrypted web attacks
- Published: Thursday, 04 October 2018 10:20
Radware has released findings from its second annual web application security report, ‘2018 State of Web Application Security’. The report shares an in-depth view of the challenges that organizations face in protecting web applications and how recent security breaches have affected them in the past year.
The research focused on global companies and showed a growing frequency and complexity of application-layer attacks. At least 89 percent of respondents have experienced attacks against web applications or web servers in the past 12 months. In particular, respondents reporting encrypted web attacks increased from 12 percent in 2017 to 50 percent in 2018. Most respondents (59 percent) reported daily or weekly attacks.
Additional key survey findings include:
High rate of data collection and sharing creates massive exposure.
Organizations with a global presence keep tabs on the data that they collect and share, with about half of respondents saying they only collect customer data for internal use and do not share it. However, 43 percent of respondents are specifically sharing data about user behavior, preferences and analytics.
Data security breaches are high in frequency and complexity.
Almost half (46 percent) of organizations have experienced data security breaches in the last 12 months, and respondents find this type of application layer attack to be the most difficult to both detect and mitigate.
The stakes are high for data breaches.
As a result of a data breach, 52 percent of respondents said their customers asked for compensation, 46 percent reported major reputation loss, 35 percent reported customer churn, 34 percent reported a drop in stock price, 31 percent reported customers took legal action, and 23 percent said executives were let go.
APIs are host to increased vulnerabilities.
While 82 percent of organizations who use API gateways do so to share and/or consume data, the data indicates that there are often inadequate security measures around APIs. In fact, 70 percent of respondents do not require authentication from third party APIs, 62 percent do not encrypt data sent by APIs and a third (33 percent) allow third parties to perform actions, opening the door to additional threats.
Frequent application updates introduce new security concerns.
Organizations update applications much more frequently than reported in previous years. In fact, according to Radware’s 2017 survey, 40 percent of respondents claimed their organization updates applications at least once per week. This year’s results show that approximately one third of all application types are updated on an hourly or daily basis, with about a quarter updated weekly. This increase introduces new concerns about securing applications in a rapidly changing environment.
On behalf of Radware, Merrill Research surveyed 301 executives and IT professionals from across the globe. To participate in Radware’s 2018 State of Application Security research, respondents were required to work for a company with at least at least 250 million USD/EUR/GBP/RMB in revenue and a worldwide scope.
To read the full report on the survey’s findings, download from https://www.radware.com/2018-was-report (registration required).