Radware 2018 Web Application Security Report: Nearly half of the multinational companies claim to have suffered encrypted web attacks

Recently, Radware, a global provider of network security and application delivery solutions, released its second annual Web Application Security Survey: Radware 2018 Web Application Security Status. The report provides an in-depth analysis of the challenges companies face in securing Web applications and the impact of recent security breaches on these businesses over the past year. The report shows that most companies (67%) believe that hackers can still invade the corporate network.

The study focused on multinational companies and noted that the frequency and complexity of application-layer attacks are growing. At least 89% of respondents have experienced attacks against web applications or web servers in the past year. In particular, respondents claiming to have suffered encrypted web attacks increased from 12% in 2017 to 50% in 2018. Most respondents (59%) said that there were attacks every day or week.

Carl Herberger, vice president of security solutions at Radware, said: “Although companies constantly realise that they have been attacked, they often find data breaches after the information is leaked. In the current changing threat environment, companies are Vigilance still required when choosing protective measures to cope with the increasing frequency and complexity of attacks.”

Other important findings include:

• High-speed data collection and sharing poses significant risks. Multinational companies will pay close attention to the data they collect and share, and about half of the respondents said that they collect customer data for internal use only and will not share. However, 43% of respondents did share data on user behaviour, preferences, and analysis.
• The frequency and complexity of data security breaches are high. Nearly half (46%) of companies have experienced data breaches in the past year, and respondents have found that this type of application-layer attack is the most difficult to detect and mitigate.
• The risk of data breaches is high: after the data breach, 52% of respondents said their customers would claim compensation, 46% said they suffered a significant reputation loss, and 35% experienced customer churn 34% of respondents said the stock price dropped, 31% said the customer filed a lawsuit against them, and 23% said the executives were dismissed.
• There are more and more vulnerabilities in the API. Although 82% of companies use API gateways to share and use data, the data suggests that API-related security measures are not sufficient. 70% of respondents do not require third-party API authentication, 62% of respondents do not encrypt data sent via the API, and one-third (33%) of respondents allow third parties to perform operations. This opens the door to more threats.
• Frequent application updates introduce new security issues. Now, companies are updating applications more frequently than in previous years. In fact, according to the Radware 2017 survey, 40% of respondents said that companies update their apps at least once a week. This year’s results show that about one-third of app types are updated hourly or daily, and about a quarter of app types are updated weekly. The increase in update frequency has created new problems in how to protect application security in a rapidly changing environment.