Poor security practice leaves industry open to cyber threats

Despite a marked increase in concerns around malware attacks and third-party risk, only eight percent of organizations with web applications for file uploads have fully implemented the best practices for file upload security.

This is among the findings of the latest Web Application Security Report from critical infrastructure protection specialist OPSWAT.

The report also shows that 82 percent of organizations report an increased concern about malware attacks from file uploads since last year, and 49 percent of critical infrastructure industries are extremely concerned about protecting file uploads from malware.

"The hybrid workspace has been driving digital transformation and cloud migration initiatives for a while now, and the rise of cloud services, mobile devices, and remote workers has driven organizations to develop and deploy web applications that enhance the experience for their customers, partners, and employees," says Benny Czarny, founder and CEO at OPSWAT. "Web applications for file uploads help to streamline their business by making it faster, easier, and less expensive to submit and share documents. Consequently, this adoption has also introduced new attack surfaces that organizations are not effectively protecting."

Loss of revenue and reputational damage are top concerns in the event of an attack, named by with two-thirds of organizations. However, despite this a majority of organizations haven't implemented security best practices. A third of organizations with a web application for file uploads don't scan all file uploads to detect malicious files, and one in five scan with just one anti-virus engine. Two-thirds of organizations with a file upload web portal don't sanitize file uploads with CDR to prevent unknown malware and zero-day attacks.

"This research shows that, although organizations have expressed concerns around the risks of unsecured file uploads, few have adopted the necessary protocols to increase their security posture," adds Czarny. "The results shed light on the common blind spots for organizations leveraging web applications for file uploads. OPSWAT's industry-leading technologies can help combat the vulnerabilities we continue to see cybercriminals exploiting. This is all part of our mission to protect the world’s most critical infrastructures from malware and zero-day attacks."

You can get the full report from the OPSWAT site.

Image credit: alexskopje/depositphotos.com