Most companies not putting adequate investment into application security
According to a new survey from Arxan, only 25 percent of respondents say their organization is making a significant investment in solutions to prevent application attacks.
This is despite awareness of the negative impact of malicious activity. A worrying 65 percent of companies say they would be spurred to increase application protection measures only after an end user or customer was negatively affected.
"It's disturbing that so many companies acknowledge the increasing risk of application attacks, yet they are doing very little to prevent breaches from occurring," says Joe Sander, CEO of Arxan. "It's backward thinking, and it puts customers at significant risk. You don’t wait until you’re in a car crash to buy car insurance. It's crucial to place security investments where attacks are happening."
Among other findings the study shows that nearly 75 percent of organizations likely, most likely or definitely experienced a material cyberattack or data breach within the last year due to a compromised application. In addition 64 percent of respondents say they are either very concerned or concerned that they will be hacked through an application. Plus, 54 percent expect the severity of threats to increase in 2018.
The majority (79 percent) of survey respondents agree that the ability to detect application attacks 'in the wild' is very important. And nearly half of the survey's respondents say they would update their application protection solution as frequently as hourly or daily if they had visibility into specific types of attacks being waged against their apps.
"The ability to know how app attacks are being executed as they unfold reduces the window of opportunity for attackers," says Sander. "That real-time intelligence lets businesses respond with direct countermeasures to stay ahead of threats, and can help validate the need for increased AppSec investment before it's too late."
The full report is available from the Arxan website.