New report reveals opportunities to address weak security in APAC organisations
Bad bots, broken APIs, and supply chain attacks rate high.
Cloud security specialist Barracuda has released a new report – The State of Application Security in 2021 – revealing interesting insights about the application security threat landscape globally and in the Asia Pacific region.
The report is timely, considering that many companies have had to expose internal applications directly to the internet or via cloud platforms over the last year, to accommodate remote working.
So how have organisations fared? Which vectors of attack have been the most common, and what are the biggest application security concerns in the Asia Pacific region?
The report, by market research firm Vanson Bourne, details the results of a survey of 750 decision makers responsible for IT security, application security, application development, or risk/fraud/compliance/governance in their organisations. Survey participants work in organisations in the US, Europe and the Asia Pacific region, which have 500 employees or more.
Key findings include:
- On average, respondents’ organisations were successfully breached twice in the past 12 months as a direct result of an application vulnerability. Of these, 72 percent said their organisation suffered at least one breach, 32 percent stated they had suffered two breaches, and 14 percent were breached three times or more due to application vulnerabilities. Asia Pacific organisations were slightly above the average, with 38 percent stating they had been breached twice.
- Bot-based attacks were the most likely contributor to successful security breaches resulting from application vulnerabilities in the 12 months prior to the survey, accounting for 44 percent of breaches globally. In the Asia Pacific region, the next most common contributor to breaches was supply chain attacks, which accounted for 40 percent of successful attacks. This was higher than in the US, where supply chain attacks accounted for 43 percent of breaches, and in Europe, where they accounted for 36 percent of breaches.
- The top five security challenges for the Asia Pacific region are bad bots (39 percent), supply chain attacks (46 percent), vulnerability detection (43 percent), API security (37 percent), and security slowing down application development (44 percent). Notably, Asia Pacific companies rated supply chain attacks, security slowing down application development, and lack of alignment between security and development teams as greater challenges than respondents from the US and Europe did.
Survey participants said that vulnerability detection remains a challenge, and the implementation of security in the development phase – especially in DevOps environments – remains a complex problem.
Awareness of potential threats is a significant challenge as well, especially when it comes to API security. Asia Pacific organisations reported the highest rates of 'Lack of knowledge of where APIs are deployed or used' and 'Lack of understanding of API standards' compared to their US and European counterparts.
A far higher proportion of Asia Pacific region respondents indicated that notable improvements were needed in regard to API security, compared to their US and European counterparts.
Turning to software supply chain attacks, the percentage of Asia Pacific organisations' applications relying on third-party scripts came in at 48 percent – the lowest of the regions – with the US recording the highest at 66 percent. However, Asia Pacific companies also rated highly the need for further improvement, with 49 percent answering ‘Notable improvements needed’ to the question ‘What level of improvement is needed in your organisation when it comes to defending against software supply chain attacks?’
All of which points to potential opportunities for companies in this space to provide services and address critical issues through cloud-based security products that focus on these challenges.
So, where to from here? The survey indicates that key decision makers aren't sitting on their hands, with many planning to deploy new security solutions over the next 12 months.
Top of the list are comprehensive solutions focusing on bot protection (41 percent), API gateway protection (36 percent), software supply chain (33 percent), anti-fraud (33 percent), and security information and event management (32 percent). Only a small fraction (3 percent) of respondents stated they had no plans to deploy new security solutions in the coming year.