New research by OPSWAT & F5 reveals critical cyber concerns
OPSWAT, a company specialising in critical infrastructure protection (CIP) cybersecurity solutions, and F5, which focuses on multicloud application security and delivery, have released new research highlighting significant concerns among IT and corporate leaders about their organisations' readiness to tackle growing cyber threats. The research was conducted in collaboration with Dark Reading.
The study revealed that a considerable number of enterprises are struggling with the complexities of web application security, facing compliance issues, and suffering from a perceived lack of leadership support. Notably, 83% of companies have not fully deployed defence-in-depth strategies, rendering them vulnerable to increasingly sophisticated cyberattacks.
Key findings from the research showed that, over the past year, 35% of respondents reported experiencing a malware breach, 28% encountered credential theft or unauthorised account access, and 24% faced security compromises involving vendors, contractors, or other third parties. These statistics underscore the variety of threat vectors that contemporary organisations must contend with.
Compliance with regulatory requirements was another prominent issue identified in the study. Only 27% of respondents regularly referenced the Open Web Application Security Project (OWASP) for best practices in web application security, compared to 53% who referred to National Institute of Standards and Technology (NIST) guidelines and 37% who followed guidelines from the Cybersecurity and Infrastructure Security Agency (CISA).
Moreover, the research pointed to a perceived lack of leadership support as a critical concern among IT leaders. They reported feeling under-resourced, citing budget shortages, insufficient staff training, inadequate technical partnerships, and disparate security ecosystems as key factors. Additionally, they noted a general lack of attention from top management as a significant impediment to effective cybersecurity preparedness.
Migrating to and deploying cloud-hosted applications has exacerbated the complexity of web application security. Adhering to OWASP requirements before and during production remains particularly challenging, among other compliance issues.
DDoS attacks pose another significant threat, with only 25% of respondents feeling their organisations are fully prepared to respond. Preparedness for other threats—such as Advanced Persistent Threats (APTs), botnets, API security issues, and zero-day malware—was reported to be even lower.
Despite the clear awareness of necessary strategies, the report highlighted that only 17% of organisations have fully implemented a defence-in-depth approach, which is recommended by CISA. Such an approach employs multiple countermeasures in a layered manner, including techniques like sandboxing, Content Disarm and Reconstruction (CDR), behaviour analysis, vulnerability scanning, and security testing.
George Prichici, Vice President of Products at OPSWAT, provided further context on the findings. "This report is a reminder that the industry is constantly engaged in a catch-up game with threat actors, with cycles of attacks and countermeasures," he said. "As cyber threats evolve in complexity and scale, organisations must prioritise a multi-layered security approach. OPSWAT urges organisations to invest in advanced, prevention-based security technologies and ensure their teams are well-trained."