If we say 2020 was a year of random, unplanned changes, we are not wrong! The coronavirus outbreak forcibly restricted occupational activities and altered workflows. Beyond that, the pandemic demanded different business strategies: locally installed applications and in-office software had to move onto the cloud as work shifted to work-from-home.
As a result, a different work process calls for different security strategies. More organizations are now adopting cloud-based apps so that they can sail through the difficult times. Moreover, the COVID-19 pandemic has hit the digital space all over the world, and the new COVID reality has led to various ways of sharing apps and files.
According to the 2020-2021 State of Web Application Security Report by cybersecurity provider Radware, the past year with COVID-19 has been a struggle for digital security in the realm of web applications. It further states that this is not going to get better in the rest of 2021.
Among the findings Radware revealed in its study of 205 IT security leaders are some alarming stats: 98% of respondents said their applications suffered a breach or attack in 2020, 92% of companies are barring security groups from CI/CD work processes, just 36% of mobile applications have security integrated into their app development, and only 27% totally trust the security of their public cloud platforms, even though 70% of applications are hosted on cloud-based servers.
The results of Radware's survey indicate that the digital space is growing without prior pandemic-related planning, so many more security risks are expected in 2021 as well. The report from Radware stated that “the increased use of mobile apps for private and business matters created even more exposure points for bad actors to target.” It is high time for decision-makers to focus on the right course of action to avoid security breaches in the rest of 2021.
Radware drew five key points out of its report that are fundamental to address in 2021. Security groups and IT authorities should pause for a minute and reflect on ways to guarantee a secure year. Let's walk through these proactive steps from Radware's report in this article.
- APIs are turning into a big threat
There is a growing reliance on APIs in web-based applications, the report said. It predicts API abuses to be the most frequent attacks in the future. This spells terrible news for most organizations.
55% of respondents said their organizations encountered a DoS attack against their APIs at least once every month, 49% experience an injection attack in the same time period, and 42% are targeted with a component or characteristic manipulation attack longer than a month too.
With so many applications using APIs, and so many APIs handling sensitive data, it is time to fix basic glitches before API attacks become worse.
- Unaware bot attacks can arrive
A bot (short for robot) is a small piece of software that automates requests to the web for different objectives. Bots are built to perform tasks without human intervention, including everything from scanning website content to giving customer support and more. A bot can be good, in a supportive manner, or bad or ugly, with malicious goals. The term “bot attacks” refers to attackers or ugly bots with fraudulent goals.
Out of 205 respondents, only 24% said that their organization has various dedicated methods to distinguish human and bot traffic. Of the total, a mere 39% are certain about how bad bots work.
According to Radware's report, very few organizations are aware of the malicious bots that can hit them without their knowing. 82% of people say that they can ignore or be carefree about this threat since they have faced very few bot attacks.
- Mobile applications are even less secure than web applications
Mobile apps are not the latest craze in the domain of mobile technology. Almost all web apps have mobile app versions. The COVID-enforced lockdown brought sheer changes to our overall lifestyle, preferences and consumer behavior. As per App Annie's research, annual mobile app downloads rose to 218 billion in 2020, a seven percent increase year over year. The figure is expected to rise in 2021 too.
As stated above from Radware's report, just 36% of mobile applications have security integrated into their app development cycle. Another 22% have insignificant or no security, and 42% leave security to third parties.
This indicates that so far the security of mobile apps is not being taken seriously, which leads to more and more attackers targeting mobile applications. Organizations should therefore put more focus on the security of mobile apps and not leave consumer data to hackers.
- Security staff should be essential decision-makers
The report concludes as follows: 43% of organizations said that security should not intrude on the release cycle. Half of the sector gives little control over security to the individuals who are directly answerable for security solutions. Moreover, 89% of organizations said that security staff do not have control of the budget for security arrangements.
The report has outlined many threats to the security of apps. But despite the risks being known, the IT teams take a back seat in nine out of ten organizations.
- Expect DDoS attacks to hit you
33% of respondents said that they faced weekly DDoS attacks in 2020, and 5% said they faced them every day. DDoS attacks were the most commonly reported by respondents, and various 2021 security forecasts put DDoS attacks at the top of the list for the following year as well.
So it is expected that every application will face a DDoS attack sooner or later. Be ready for the outcome that you could easily be among the 89% of respondents who said they faced at least one in 2020.
Keeping Radware's report in view, all we have to do is prepare ourselves for the worst to come post-COVID and reflect on ways to enhance the security of web applications. The new normal has been with us for quite a long time now, and digital transformation is surely going to accelerate in the rest of 2021.
This article was submitted by Bianca Patrick.