Report: Security staff excluded from app development

Security professionals have little influence over how apps are secured

According to a new survey, organizations are underusing cyber security skills in application development.

According to Radware’s “State of Web Application and API Protection” report, in 92% of organizations, security staff have no say regarding the continuous integration/continuous deployment (CI/CD) architecture and must secure it as-is. In 89% of organizations, the information security team doesn’t own the budget for security solutions.

The report found that only 36% of mobile apps have security fully integrated. Nearly 40% of organizations say over half of their applications are exposed to the internet or third-party services via APIs.

Some 55% of organizations experience a DoS attack against their APIs at least monthly, 49% experience some form of injection attack at least monthly, and 42% experience an element/attribute manipulation at least monthly. We expect this to be the attack vector hackers use the most in 2021.

Bot management is also a significant concern because enterprises aren’t prepared to manage bot traffic properly. The report revealed that only 24% of organizations have a dedicated solution to distinguish between a real user and a bot. Moreover, only 39% of those surveyed have confidence in their understanding of what’s going on with sophisticated bad bots.

Michael Osterman of Osterman Research, which conducted the research with Radware, said risks are running higher than ever before: “With 2020’s rapid cloud migration, we were surprised to see the pervasiveness across organizations of dangerous levels of insecurity in mobile and cloud-based apps, as well as APIs.”

Gabi Malka, chief operating officer for Radware, said that with more than 70% of respondents reporting that their production apps have already left the data center, ensuring the security and integrity of these data and applications is becoming more challenging, particularly in multi-cloud environments.

“This migration, in combination with an increased reliance on APIs and the addition of unsecured mobile apps, has been a boon to criminals, putting them ahead of the cybersecurity curve. While respondents who have already moved to the public cloud and have several apps exposed to APIs seem to understand the risks, there is still a worrying level of complacency.”
