Report: Security staff excluded from app development

Security professionals have little influence over how apps are secured

Abstract cyber security image of a man holding a symbol of a padlock inside a shield

According to a new survey, organizations are underusing cyber security skills in application development.

According to Radware’s “State of Web Application and API Protection” report, in 92% of organizations, security staff have no say regarding the continuous integration/continuous deployment (CI/CD) architecture and must secure it as-is. In 89% of organizations, the information security team doesn’t own the budget for security solutions.

The report found that only 36% of mobile apps have security fully integrated. Nearly 40% of organizations say over half of their applications are exposed to the internet or third-party services via APIs.

Some 55% of organizations experience a DoS attack against their APIs at least monthly, 49% experience some form of injection attack at least monthly, and 42% experience an element/attribute manipulation at least monthly. We expect this to be the attack vector hackers use the most in 2021.

Bot management is also a significant concern because enterprises aren’t prepared to manage bot traffic properly. The report revealed that only 24% of organizations have a dedicated solution to distinguish between a real user and a bot. Moreover, only 39% of those surveyed have confidence in their understanding of what’s going on with sophisticated bad bots.

According to Michael Osterman of Osterman Research, which conducted the research with Radware, risks are running higher than ever before. According to Osterman, “With 2020’s rapid cloud migration, we were surprised to see the pervasiveness across organizations of dangerous levels of insecurity in mobile and cloud-based apps, as well as APIs.”

Related Resource

Managing security risk and compliance in a challenging landscape

How key technology partners grow with your organisation

How to manage security risk and compliance - whitepaperDownload now

Gabi Malka, chief operating officer for Radware, said that with more than 70% of respondents reporting that their production apps have already left the data center, ensuring the security and integrity of these data and applications is becoming more challenging, particularly in multi-cloud environments.

“This migration, in combination with an increased reliance on APIs and the addition of unsecured mobile apps, has been a boon to criminals, putting them ahead of the cybersecurity curve. While respondents who have already moved to the public cloud and have several apps exposed to APIs seem to understand the risks, there is still a worrying level of complacency.”

Featured Resources

How to choose an AI vendor

Five key things to look for in an AI vendor

Download now

The UK 2020 Databerg report

Cloud adoption trends in the UK and recommendations for cloud migration

Download now

2021 state of email security report: Ransomware on the rise

Securing the enterprise in the COVID world

Download now

The impact of AWS in the UK

How AWS is powering Britain's fastest-growing companies

Download now

Recommended

ProtectedBy.AI’s CodeLock blocks malware at source code level
software as a service (SaaS)

ProtectedBy.AI’s CodeLock blocks malware at source code level

9 Jun 2021
CISOs aren’t leading by example when it comes to cyber security
cyber security

CISOs aren’t leading by example when it comes to cyber security

24 May 2021
New report highlights the need for diversity in cyber security recruitment
cyber security

New report highlights the need for diversity in cyber security recruitment

28 Apr 2021
Hackers breach a San Francisco water treatment plant
Security

Hackers breach a San Francisco water treatment plant

18 Jun 2021

Most Popular

Q&A: Enabling transformation
Sponsored

Q&A: Enabling transformation

10 Jun 2021
Ten-year-old iOS 4 recreated as an iPhone app
iOS

Ten-year-old iOS 4 recreated as an iPhone app

10 Jun 2021
OnePlus 9 Pro review: An instant cult classic
Hardware

OnePlus 9 Pro review: An instant cult classic

7 Jun 2021