Web application security report

by Mark Rowe

It’s a struggle for businesses to maintain consistent application security across multiple platforms, according to a US cyber security firm. Businesses are also losing visibility with the emergence of new architectures and the adoption of Application Program Interfaces (APIs). Businesses are adjusting rapidly to remote working due to the covid pandemic, leaving decision makers little or no time to conduct security planning, says Radware in its 2020-2021 State of Web Application Security Report.

Gabi Malka, Chief Operating Officer for Radware, said: “With more than 70 per cent of respondents reporting that their production apps have already left the data center, ensuring the security and integrity of these data and applications is becoming more challenging, particularly in multi-cloud environments.

“This migration, in combination with an increased reliance on APIs and the addition of unsecured mobile apps, has been a boon to criminals, leaving them ahead on the cyber security curve. While respondents who have already moved to the public cloud and have several apps exposed to APIs seem to understand the risks, those that haven’t seem perilously complacent.”

Mobile apps played a critical role during 2020 as most information workers were shifted to at-home work, and as most use mobile apps for entertainment, social interaction, education, and shopping. However, mobile app development is highly insecure. This is true, in part, because mobile apps are more commonly developed by third parties.

The study found that only 36pc of mobile apps have security fully integrated, and some have either minimal or no security (22pc). As a result, until mobile app security is treated seriously, Radware says that it expects to see more – and more serious – incidents that use the mobile channel for attacks. That in turn will, the cyber firm suggests, put more pressure on enterprises to secure mobile apps and not leave consumer data exposed to hackers.

Of those surveyed by Osterman Research, most said that IT security is not the prime influencer on application development architecture nor the budget. Some 43pc of companies surveyed said security should not interrupt the end-to-end automation of the release cycle. Denial-of-service at the application layer is frequently in the form of HTTP/S floods. To read the full report visit https://www.radware.com/resources/complete-protection/.

Comment

At the app development firm Mendix, Nick Ford, Chief Technology Evangelist, said: “With the report finding that only 36pc of mobile apps have fully integrated security measures in place, it’s clear that organisations need to think carefully about how they can ensure cyber security skills are used in application development. Shadow IT is one cause of such problems, as applications are often built without the full knowledge of security teams. Low-code can remove the negative aspects of shadow IT while retaining the benefits that it provides, by empowering business users to build software using IT-approved tools. This new approach is called citizen development. Citizen development is a win-win situation – it frees up the business to build apps that can solve their immediate problems, while IT departments still have the knowledge, visibility, and control of all the apps that are being developed and used in the company. This in turn will ensure organisations remove dangerous levels of insecurity in mobile and cloud-based apps, as well as APIs.”
