Application Security

Widespread Unpreparedness for Escalating AppSec Threats: OPSWAT and F5

83% of companies have not fully implemented defense-in-depth strategies, leaving them vulnerable to increasingly sophisticated cyberattacks

OPSWAT, a leader in critical infrastructure protection (CIP), has teamed with F5, the leading multicloud application security and delivery company, on a new survey with Dark Reading, highlighting significant industry concerns among IT and corporate leadership regarding their organization’s preparedness to face escalating cyber threats. Many enterprises are challenged with the complexities of web application security, compliance issues, and the perceived lack of support from organizational leadership. 

The survey, which included responses from IT and corporate leadership, reveals a worrying trend: Over the past year, 35% of respondents reported suffering a malware breach, 28% experienced credential theft or unauthorized account access, and 24% faced a security compromise involving a vendor, contractor, or other third party. 

Other key findings from the survey include: 

Challenges in Compliance with Various Regulatory Requirements: Many organizations struggle to maintain compliance with regulatory standards, with only 27% of respondents regularly referencing OWASP for web application security best practices. This contrasts with 53% referencing NIST and 37% referring to CISA guidelines. 

Perceived Lack of Support from Leadership: IT leaders report feeling under-resourced, with the top concerns preventing them from feeling adequately prepared for security threats being budget shortages, inadequacies in staff training and technical partnerships, disparate security ecosystems and vendors, and a general lack of attention from top management. 

Complexity of Web Application Security: The migration and deployment of cloud-hosted web applications have added significant complexity to web application security. For example, compliance remains challenging, particularly in adhering to OWASP requirements before and during production. 

Lack of Preparedness for Escalating Attacks: A mere 25% of respondents feel their organizations are fully prepared to handle DDoS attacks, which have been on the rise globally. Preparedness for other threats such as Advanced Persistent Threats (APTs), botnets, API security issues, and zero-day malware is even lower. 

Despite awareness of the necessary strategies, the report highlights a significant gap in implementation. While CISA recommends a defense-in-depth approach—utilizing multiple countermeasures in a layered manner, such as sandboxing, Content Disarm and Reconstruction (CDR), behavior analysis, vulnerability scanning, and security testing—only 17% of organizations have fully implemented these strategies. This leaves 83% of companies vulnerable, lacking the comprehensive, multi-layered security needed to defend against today’s sophisticated threats. 

“This report is a reminder that the industry is constantly engaged in a catch-up game with threat actors, with cycles of attacks and countermeasures,” said George Prichici, VP of Products at OPSWAT. “As cyber threats evolve in complexity and scale, organizations must prioritize a multi-layered security approach. OPSWAT urges organizations to invest in advanced, prevention-based security technologies and ensure their teams are well-trained. In today’s dynamic threat landscape, a comprehensive, layered approach to web application security is essential to protect critical infrastructure and safeguard sensitive data.” 

Download the full survey findings and learn how OPSWAT and F5 can assist in enhancing your organization’s application security: https://info.opswat.com/why-multi-layered-defense-is-critical-in-application-security 

Explore AITechPark for the latest advancements in AI, IOT, Cybersecurity, AITech News, and insightful updates from industry experts!

Related posts

BreachLock recognized in Gartner for Application Security Report

PR Newswire

StackHawk Launches Deeper API Security Test Coverage

PR Newswire

Dynatrace to acquire Runecast

Business Wire