OPSWAT has teamed with F5 on a new report with Dark Reading,
highlighting significant industry concerns among IT and corporate leadership
regarding their organization's preparedness to face escalating cyber threats.
Many enterprises are challenged with the complexities of web application
security, compliance issues, and the perceived lack of support from
organizational leadership.
The research, which included responses from IT and corporate leadership, reveals a
worrying trend: Over the past year, 35% of respondents reported suffering a
malware breach, 28% experienced credential theft or unauthorized account
access, and 24% faced a security compromise involving a vendor, contractor, or
other third party.
Other key findings include:
Challenges in Compliance with Various Regulatory Requirements: Many organizations
struggle to maintain compliance with regulatory standards, with only 27% of
respondents regularly referencing OWASP for web application security best
practices. This contrasts with 53% referencing NIST and 37% referring to CISA
guidelines.
Perceived Lack of Support from Leadership: IT leaders report feeling under-resourced, with the top concerns
preventing them from feeling adequately prepared for security threats being
budget shortages, inadequacies in staff training and technical partnerships,
disparate security ecosystems and vendors, and a general lack of attention from
top management.
Complexity of Web Application Security: The migration and deployment of cloud-hosted web applications
have added significant complexity to web application security. For example,
compliance remains challenging, particularly in adhering to OWASP requirements
before and during production.
Lack of Preparedness for Escalating Attacks: A mere 25% of respondents feel their
organizations are fully prepared to handle DDoS attacks, which have been on the
rise globally. Preparedness for other threats such as Advanced Persistent
Threats (APTs), botnets, API security issues, and zero-day malware is even
lower.
Despite awareness of the necessary strategies, the report highlights a significant gap
in implementation. While CISA recommends a defense-in-depth approach (utilizing
multiple countermeasures in a layered manner, such as sandboxing, Content
Disarm and Reconstruction (CDR), behavior analysis, vulnerability scanning, and
security testing), only 17% of organizations have fully implemented these
strategies. This leaves 83% of companies vulnerable, lacking the comprehensive,
multi-layered security needed to defend against today's sophisticated
threats.
"This report is a reminder that the industry is constantly engaged in a catch-up game
with threat actors, with cycles of attacks and countermeasures," said George
Prichici, VP of Products at OPSWAT. "As cyber threats evolve in complexity
and scale, organizations must prioritize a multi-layered security approach.
OPSWAT urges organizations to invest in advanced, prevention-based security
technologies and ensure their teams are well-trained. In today's dynamic threat
landscape, a comprehensive, layered approach to web application security is
essential to protect critical infrastructure and safeguard sensitive
data."
Download the full findings and learn how OPSWAT and F5 can assist
in enhancing your organization's application security: https://info.opswat.com/why-multi-layered-defense-is-critical-in-application-security.