Businesses are facing an array of challenges when it comes to application security. Over the years, web applications have been rising steadily as the top attack vector for breaches — and the move to remote work in 2020 intensified this shift. Many organisations had to expose internal applications to the internet, and a significant number had to rapidly lift and shift applications to the cloud.
Commissioned by Barracuda, The State of Application Security in 2021 report surveyed 750 application security decision makers responsible for their organisation’s application development and security to get their perspectives on data breaches, top application security vulnerabilities, and the most important product capabilities needed to defend against multi-vector application attacks.
Overall, the findings indicate that more needs to be done to protect against application security threats, particularly newer threats like bot attacks, API attacks, and supply chain attacks.
On average, respondent organisations were successfully breached twice in the past 12 months as a direct result of an application vulnerability. The range of application security-related challenges facing organisations extends beyond difficulties securing multiple attack vectors, with 43 per cent of respondents identifying bad bots as a security challenge, 39 per cent identifying software supply chain attacks, 38 per cent pointing to vulnerability detection, and 37 per cent saying securing APIs.
Bot-based attacks were shown to be the most likely contributor to successful security breaches resulting from application vulnerabilities in the past 12 months. In total, 44 per cent of respondents say bot attacks contributed to a successful security breach that exploited a vulnerability in the organisation’s applications in the last 12 months.
With such a high portion of organisations getting breached multiple times through their web applications in the past 12 months, it’s clear more needs to be done to protect against these threats. Organisations seem to understand this, with many looking to deploy new solutions in the coming year.
It is a good sign that they are moving to fill these gaps, but the more solutions they add, the more complex application security becomes. To provide effective protection, an application security solution needs to be a platform that is able to protect customers against all of these attack vectors. A platform approach to application security can provide powerful protection against both traditional and emerging threats while remaining easy to use and manage.
Tushar Richabadas is product marketing manager at Barracuda Networks
This article was originally published in the Summer 2021 issue of The Record. To get future issues delivered directly to your inbox, sign up for a free subscription.