IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more

Report: Security staff excluded from app development

Security professionals have little influence over how apps are secured

Abstract cyber security image of a man holding a symbol of a padlock inside a shield

According to a new survey, organizations are underusing cyber security skills in application development.

According to Radware’s “State of Web Application and API Protection” report, in 92% of organizations, security staff have no say regarding the continuous integration/continuous deployment (CI/CD) architecture and must secure it as-is. In 89% of organizations, the information security team doesn’t own the budget for security solutions.

The report found that only 36% of mobile apps have security fully integrated. Nearly 40% of organizations say over half of their applications are exposed to the internet or third-party services via APIs.

Some 55% of organizations experience a DoS attack against their APIs at least monthly, 49% experience some form of injection attack at least monthly, and 42% experience an element/attribute manipulation at least monthly. We expect this to be the attack vector hackers use the most in 2021.

Bot management is also a significant concern because enterprises aren’t prepared to manage bot traffic properly. The report revealed that only 24% of organizations have a dedicated solution to distinguish between a real user and a bot. Moreover, only 39% of those surveyed have confidence in their understanding of what’s going on with sophisticated bad bots.

According to Michael Osterman of Osterman Research, which conducted the research with Radware, risks are running higher than ever before. According to Osterman, “With 2020’s rapid cloud migration, we were surprised to see the pervasiveness across organizations of dangerous levels of insecurity in mobile and cloud-based apps, as well as APIs.”

Related Resource

Managing security risk and compliance in a challenging landscape

How key technology partners grow with your organisation

How to manage security risk and compliance - whitepaperDownload now

Gabi Malka, chief operating officer for Radware, said that with more than 70% of respondents reporting that their production apps have already left the data center, ensuring the security and integrity of these data and applications is becoming more challenging, particularly in multi-cloud environments.

“This migration, in combination with an increased reliance on APIs and the addition of unsecured mobile apps, has been a boon to criminals, putting them ahead of the cybersecurity curve. While respondents who have already moved to the public cloud and have several apps exposed to APIs seem to understand the risks, there is still a worrying level of complacency.”

Featured Resources

2022 State of the multi-cloud report

What are the biggest multi-cloud motivations for decision-makers, and what are the leading challenges

Free Download

The Total Economic Impact™ of IBM robotic process automation

Cost savings and business benefits enabled by robotic process automation

Free Download

Multi-cloud data integration for data leaders

A holistic data-fabric approach to multi-cloud integration

Free Download

MLOps and trustworthy AI for data leaders

A data fabric approach to MLOps and trustworthy AI

Free Download

Recommended

2022 IBM's Security X-Force cloud threat landscape report
Whitepaper

2022 IBM's Security X-Force cloud threat landscape report

22 Nov 2022
2022 Magic quadrant for Security Information and Event Management (SIEM)
Whitepaper

2022 Magic quadrant for Security Information and Event Management (SIEM)

22 Nov 2022
Seven realities facing SMBs as they enter a future of increased cyber threats
Whitepaper

Seven realities facing SMBs as they enter a future of increased cyber threats

21 Nov 2022
The top 12 password-cracking techniques used by hackers
Security

The top 12 password-cracking techniques used by hackers

14 Nov 2022

Most Popular

The top 12 password-cracking techniques used by hackers
Security

The top 12 password-cracking techniques used by hackers

14 Nov 2022
How to boot Windows 11 in Safe Mode
Microsoft Windows

How to boot Windows 11 in Safe Mode

15 Nov 2022
Interpol arrests nearly 1,000 cyber criminals in months-long anti-fraud operation
cyber crime

Interpol arrests nearly 1,000 cyber criminals in months-long anti-fraud operation

25 Nov 2022