App security not keeping up with rapid development — Radware

26 Jan 2021

In the wake of abrupt shifts to new working environments and customer engagement models last year, many organisations across the world continue to struggle to maintain consistent application security, according to a new report from Radware.

New architectures and the widespread adoption of application programming interfaces (APIs) are also exacerbating the problem by reducing security teams’ visibility, Radware says.

“With more than 70% of respondents reporting that their production apps have already left the data centre, ensuring the security and integrity of these data and applications is becoming more challenging, particularly in multi-cloud environments,” says Radware chief operating officer Gabi Malka.

“This migration, in combination with an increased reliance on APIs and the addition of unsecured mobile apps, has been a boon to criminals, leaving them ahead on the cybersecurity curve. 

“While respondents who have already moved to the public cloud and have several apps exposed to APIs seem to understand the risks, those that haven’t seem perilously complacent.”

APIs are the next big threat

As APIs become commonplace and play critical roles in web-enabled applications, CISOs across the world are becoming wary of the ability of APIs to process user credentials, payment information and other sensitive data. Because of this, API abuses are expected to become the most frequent attack vector, Radware says.

This is particularly troubling as large proportions of organisations’ applications are exposed to the internet via APIs — 40% of survey respondents confirmed as much, while 55% of organisations experience a DoS attack against their APIs at least monthly.

Mobile apps far less secure

In a prime example of the consequences of the rapid shift to remote working, mobile app development has surged, but the resulting apps are highly insecure, in part because third parties commonly develop them.

Alarmingly, the research found that only 36% of mobile apps have security fully integrated, and a large proportion have either minimal or no security (22%). This will likely lead to mobile apps becoming a common channel for attacks. 

Security staff are not the prime decision-makers

Many survey respondents revealed that cybersecurity is not the first priority in app development. In fact, 90% of surveyed organisations said security staff are not a prime influencer on application development architecture or the budget.

Some 43% of companies surveyed said security should not interrupt the end-to-end automation of the release cycle. This creates a situation in which the very people responsible for security have little control over how apps are developed.