OPSWAT released the findings of its 2023 State of Web Application Security report, based on an online survey of over 400 executive leaders, managers, and senior contributors. The survey provides a deep dive into the evolving state of web applications and cloud infrastructure and highlights a concerning disconnect: While 75% of organisations have made significant strides to upgrade their infrastructure in the past year, including the adoption of public cloud hosting and containerisation, and 78% have increased their security budgets, only 2% of industry experts are confident in their security strategies.
In today’s rapidly evolving landscape of web application security, organisations are constantly striving to adapt and fortify their infrastructure, particularly with the rise of hybrid work environments. Recognising the need for enhanced productivity and scalable solutions, most organisations have embraced public cloud hosting for their web applications, with an overwhelming 97% already employing or planning to implement containerisation.
The use of applications utilising storage services has also increased with these infrastructure upgrades, elevating concerns around file-based malware.
Key Research Findings:
62% of organisations use five or less antivirus (AV) engines to detect malicious file uploads
- This indicates a potential vulnerability, as deploying more engines can significantly strengthen an organisation’s defense against advanced malware.
Large organisations are more likely to use Content Disarm and Reconstruction (CDR)
- This trend can be attributed to the higher volume of files handled by these organisations, making them more susceptible to cyberattacks. However, small and medium-sized organisations can also greatly benefit from adopting CDR as a proactive measure against evolving cyber threats.
98% of organisations would benefit from additional prevention-based approaches
- These include periodic analysis of all file repositories in their web applications for malware, detection of vulnerabilities in running virtual machine containers, and prevention of data exfiltration by redacting or blocking sensitive data.
“Irrespective of the size or industry, organisations must recognise that infrastructure upgrades alone are not sufficient to guarantee robust security,” said Yiyi Miao, Chief Product Officer at OPSWAT. “It is imperative to establish a proactive defense strategy that goes beyond traditional measures. By adopting and combining advanced threat prevention technologies like multi-AV scanning, CDR, DLP and dynamic threat analysis, organisations can effectively establish multiple lines of defense against known and unknown emerging threats and safeguard their critical infrastructure.”
For more details and a comprehensive analysis of OPSWAT’s research, download the full report here: https://www.opswat.com/resources/reports/2023-state-of-web-application-security
Discussion about this post