Report: 5 ways web apps suffered in 2020 and will continue to suffer in 2021

2020 has been a struggle for security in the web application world, and it’s not going to improve in 2021, according to research from cybersecurity provider Radware.

Image: Getty Images / iStockphoto

The 2020-2021 Web Application Security Status Report is from cybersecurity vendor Radware, and it paints a grim picture of security over the past 12 months and an equally grim sight for the rest of 2021.

Among the results uncovered by Radware in its survey of 205 IT security decision makers are statistics as startling as 98% of those surveyed saying their applications were under attack in 2020, 92% of organizations exclude CI / CD workflow security teams, only 36% of mobile applications have integrated security into their development, and only 27% fully trust the security of their public cloud platforms despite 70% of applications hosted in the cloud.

In short, there are a lot of problems in the world of web applications, with Radware describing applications as “needlessly at risk” thanks to the rapid acceleration of digital transformation without the necessary security planning to go with it.

SEE: Identity Theft Protection Policy (TechRepublic Premium)

2020 has been a year of forced change, with many organizations having to move locally hosted apps and desktop software to the cloud due to COVID-19 lockdowns and work-from-home restrictions. As a result, according to the report, “the increased use of mobile applications for private and commercial business has created even more points of exposure for bad actors to target.” With little or no time to properly plan for pandemic-related increases in web application attack surfaces, 2021 will be a year in which businesses will need to quickly correct the trajectory to avoid costly and unnecessary security breaches.

Radware drew five key conclusions from its report that are critical to address in 2021. Security teams and IT leadership should take a moment to pause, think about how they may affect them, and take proactive action. to guarantee a safe year.

APIs become a threat

“There is a growing dependency and an increased dependence on web applications in the form of APIs,” the report says. He predicts that API abuse will be the most common attack vector in the future, which is bad news for many organizations.

Fifty-five percent of those surveyed said their organizations had experienced a DoS attack against their APIs at least once a month, 49% had experienced an injection attack within the same amount of time, and 42% were also targeted by a attack by manipulation of elements or attributes over a month. .

With so many applications using APIs and so many APIs dealing with sensitive information, it’s time to fix critical flaws before API attacks escalate.

Bot attacks may surprise you

Only 24% of respondents said their organization has a dedicated way to distinguish between human trafficking and bot trafficking, and only 39% are confident that they understand how bad bots work.

According to the report, a lack of knowledge about malicious bots can potentially surprise businesses, and with 82% of respondents saying they’ve experienced a bot attack, there’s little reason to ignore or not know about it. threatens.

Mobile apps are even less secure than web apps

As noted above, only 36% of mobile apps have integrated security into their development process. A total of 22% have minimal or no security, and 42% leave the security to a third-party bolt-on code.

“Until mobile application security is taken seriously, we expect to see more and more incidents, and increasingly serious, that use the mobile channel for attacks. This will likely put more pressure on businesses to secure mobile apps and not leave consumer data exposed to hackers. “said Radware.

Security personnel should be the primary decision-maker

With 43% of companies saying security shouldn’t interrupt the release cycle, “the same people responsible for security have little control over how applications are developed,” the report concludes. Additionally, 89% of organizations said that security personnel do not even have control over the budget for security solutions.

SEE: Social Engineering: Checklist for Professionals (Free PDF) (TechRepublic)

Being forced to secure applications “as is” is a recipe for disaster, especially with the current pace of digital transformation. Security personnel, according to the report, are taking precedence over the IT team in nine out of ten organizations “despite the threats described in the report.”

Expect DDoS Attacks to Hit You

A third of those surveyed said they had been subjected to weekly DDoS attacks in 2020, and 5% said they encountered them on a daily basis. DDoS attacks were the most frequently reported by respondents, and various security forecasts for 2021 also place DDoS attacks high on the list for the next 12 months.

Don’t expect to end the year without facing a DDoS attack: be prepared for the event that you could easily be among the 89% of respondents who said they had faced at least one attack in 2020.

Also look

Comments are closed.