• Office Hours : 08:00 - 17:30

Report: Security staff excluded from app development

According to a new survey, organizations are underusing cyber security skills in application development.

According to Radware’s “State of Web Application and API Protection” report, in 92% of organizations, security staff have no say regarding the continuous integration/continuous deployment (CI/CD) architecture and must secure it as-is. In 89% of organizations, the information security team doesn’t own the budget for security solutions.

Thereport found that only 36% of mobile apps have security fully integrated. Nearly 40% of organizations say over half of their applications are exposed to the internet or third-party services via APIs.

Some 55% of organizations experience a DoS attack against their APIs at least monthly, 49% experience some form of injection attack at least monthly, and 42% experience an element/attribute manipulation at least monthly. We expect this to be the attack vector hackers use the most in 2021.

Bot management is also a significant concern because enterprises aren’t prepared to manage bot traffic properly. The report revealed that only 24% of organizations have a dedicated solution to distinguish between a real user and a bot. Moreover, only 39% of those surveyed have confidence in their understanding of what’s going on with sophisticated bad bots.

According to Michael Osterman of Osterman Research, which conducted the research with Radware, risks are running higher than ever before. According to Osterman, “With 2020’s rapid cloud migration, we were surprised to see the pervasiveness across organizations of dangerous levels of insecurity in mobile and cloud-based apps, as well as APIs.”

Related Resource

Managing security risk and compliance in a challenging landscape

How key technology partners grow with your organisation

Download now

Gabi Malka, chief operating officer for Radware, said that with more than 70% of respondents reporting that their production apps have already left the data center, ensuring the security and integrity of these data and applications is becoming more challenging, particularly in multi-cloud environments.

“This migration, in combination with an increased reliance on APIs and the addition of unsecured mobile apps, has been a boon to criminals, putting them ahead of the cybersecurity curve. While respondents who have already moved to the public cloud and have several apps exposed to APIs seem to understand the risks, there is still a worrying level of complacency.”

Featured Resources

The business guide to ransomware

Everything you need to know to keep your company afloat

Download now

The total economic impact of IBM identity and access management

Cost savings and business benefits enabled by IBM’s professional and managed services for identity and access management

Download now

The essential cyber security toolkit for SMBs

Practical tips for cyber security training

Download now

Hybrid cloud trends

Strategies for optimising on-premises and public cloud infrastructure

Download now

See the original article here: ITPro