Most organisations (67%) believe hackers can still penetrate their network and 89% say they have had an application layer attack in the past year, according to a survey report.
The report gives an in-depth view of the challenges organisations face in protecting web applications and shows the growing frequency and complexity of application-layer attacks.
The proportion of respondents reporting encrypted web attacks increased from 12% in 2017 to 50% in 2018, while most respondents (59%) reported daily or weekly attacks.
The second annual State of web application security report was commissioned by security firm Radware and is based on a survey of more than 300 executives and IT professionals at global companies by Merrill Research.
More often than not, the survey reveals that businesses find out about data security breaches only when the leak goes public and more than one-third (35%) are losing customers because of them.
Nearly a quarter (23%) of businesses said they have fired IT executives because of a breach and almost one-third of companies face legal action from customers.
Despite the risks and potential consequences, the survey shows that most businesses have inadequate security around application programming interfaces (APIs), with 82% of organisations that use API gateways doing so to share and/or consume data, but 70% of respondents do not require authentication from third-party APIs, 62% do not encrypt data sent by APIs, and 33% allow third parties to perform actions, opening the door to additional threats.
“While organisations are recognising they are under attack, often they are discovering the breach only after pertinent information has been leaked,” said Carl Herberger, vice-president of security solutions at Radware.
“With today’s evolving threat landscape, organisations still need to be vigilant in equipping themselves to deal with increasing attack frequency and complexity.”
Read more about application security
- Application and device security under the spotlight.
- How to manage application security risks and shortcomings.
- Application security vulnerabilities are often known exploits.
- Better app security requires both designing security in and protecting it from without.
- How to craft an application security strategy that is airtight.
The survey shows that a high rate of data collection and sharing creates massive exposure, and that data breaches are high in frequency and complexity.
Stakes are high for data breaches, the survey shows, with 52% of respondents admitting their customers had asked for compensation, while 46% reported major reputation loss, 35% reported customer churn, 34% reported a drop in stock price, 31% reported customers taking legal action, and 23% said executives were dismissed.
Another key finding of the research is that frequent application updates introduce new security concerns and that organisations update applications much more frequently than reported in previous years.
About one-third of all application types are updated hourly or daily, with about a quarter updated weekly, whereas in the 2017 survey, 40% of respondents said their organisation updated applications at least once a week.
This increase introduces new concerns about securing applications in a rapidly changing environment, the report said.