Report: Security staff excluded from app development

Security professionals have little influence over how apps are secured

Abstract cyber security image of a man holding a symbol of a padlock inside a shield

According to a new survey, organizations are underusing cyber security skills in application development.

According to Radware’s “State of Web Application and API Protection” report, in 92% of organizations, security staff have no say regarding the continuous integration/continuous deployment (CI/CD) architecture and must secure it as-is. In 89% of organizations, the information security team doesn’t own the budget for security solutions.

The report found that only 36% of mobile apps have security fully integrated. Nearly 40% of organizations say over half of their applications are exposed to the internet or third-party services via APIs.

Some 55% of organizations experience a DoS attack against their APIs at least monthly, 49% experience some form of injection attack at least monthly, and 42% experience an element/attribute manipulation at least monthly. We expect this to be the attack vector hackers use the most in 2021.

Bot management is also a significant concern because enterprises aren’t prepared to manage bot traffic properly. The report revealed that only 24% of organizations have a dedicated solution to distinguish between a real user and a bot. Moreover, only 39% of those surveyed have confidence in their understanding of what’s going on with sophisticated bad bots.

According to Michael Osterman of Osterman Research, which conducted the research with Radware, risks are running higher than ever before. According to Osterman, “With 2020’s rapid cloud migration, we were surprised to see the pervasiveness across organizations of dangerous levels of insecurity in mobile and cloud-based apps, as well as APIs.”

Related Resource

Managing security risk and compliance in a challenging landscape

How key technology partners grow with your organisation

How to manage security risk and compliance - whitepaperDownload now

Gabi Malka, chief operating officer for Radware, said that with more than 70% of respondents reporting that their production apps have already left the data center, ensuring the security and integrity of these data and applications is becoming more challenging, particularly in multi-cloud environments.

“This migration, in combination with an increased reliance on APIs and the addition of unsecured mobile apps, has been a boon to criminals, putting them ahead of the cybersecurity curve. While respondents who have already moved to the public cloud and have several apps exposed to APIs seem to understand the risks, there is still a worrying level of complacency.”

Featured Resources

The ultimate law enforcement agency guide to going mobile

Best practices for implementing a mobile device program

Free download

The business value of Red Hat OpenShift

Platform cost savings, ROI, and the challenges and opportunities of Red Hat OpenShift

Free download

Managing security and risk across the IT supply chain: A practical approach

Best practices for IT supply chain security

Free download

Digital remote monitoring and dispatch services’ impact on edge computing and data centres

Seven trends redefining remote monitoring and field service dispatch service requirements

Free download

Recommended

Almost 70% of CISOs expect a ransomware attack
ransomware

Almost 70% of CISOs expect a ransomware attack

19 Oct 2021
Acer Taiwan falls victim to cyber attack
hacking

Acer Taiwan falls victim to cyber attack

18 Oct 2021
Marsh McLennan reveals its cyber risk analytics center
risk management

Marsh McLennan reveals its cyber risk analytics center

15 Oct 2021
£100 contactless payment limit could place shoppers at risk, warn industry experts
Policy & legislation

£100 contactless payment limit could place shoppers at risk, warn industry experts

15 Oct 2021

Most Popular

Best Linux distros 2021
operating systems

Best Linux distros 2021

11 Oct 2021
HPE wins networking contract with Birmingham 2022 Commonwealth Games
Network & Internet

HPE wins networking contract with Birmingham 2022 Commonwealth Games

15 Oct 2021
What is cyber warfare?
Security

What is cyber warfare?

15 Oct 2021