In a recent study conducted by K2 Cloud and Positive Technologies, it was revealed that 28% of Russian organizations are neglecting to protect their web applications despite the fact that they are prime targets for cyber attacks. This joint study aimed to identify effective approaches to safeguarding web applications and predicting future trends in the corporate Information Security Market (IB) segment.
The survey included input from over 100 IT directors of major companies across various industries such as telecommunications, manufacturing, retail, banking, IT, and education. Findings from the study indicated that the exploitation of vulnerabilities in web applications continues to be one of the top three methods of attacking organizations for the past five years.
Companies that prioritize the security of their web applications were found to opt for classic approaches using single tools or combined solutions. For instance, 20% of respondents rely solely on a Web Application Firewall (WAF), 12% utilize Anti-Bot solutions, and 52% use a combination of Anti-DDOS and WAF. Moreover, there is a noticeable shift towards cloud technologies with 10% of companies already fully migrated to cloud solutions, 15% utilizing hybrid models, and 30% planning to switch from on-premise systems to cloud solutions in the upcoming year.
K2 Cloud emphasized the importance of integrated protection for web applications in light of the increasing number and sophistication of cyber attacks. Approximately 40% of attacks are currently carried out through APIs, underscoring the critical need for robust protection measures. Despite this, many companies are not adequately prepared to address such threats, raising concerns about their business security. Cloud-based protection offers swift deployment and enhanced flexibility through scalability.
The survey also indicated a shift towards comprehensive solutions for web application security as standalone tools like WAF and Anti-Bot are no longer sufficient to mitigate all potential risks. As a result, complex Application Security Platforms are likely to dominate the market in the coming years.
Positive Technologies pointed out that while WAF does not guarantee 100% protection against all hacker attacks, it does make web applications less appealing to attackers at the reconnaissance stage. Detecting protection on a web resource may prompt attackers to target less secure options. Even if a protected web application is targeted, WAF significantly increases the complexity and cost for hackers, reducing the likelihood of a successful breach.