In a recent report titled "Application Security in a MultiCloud World 2023," cybersecurity and application delivery solutions provider Radware, in collaboration with Osterman Research, has shed light on the evolving threat landscape faced by organizations in the digital realm. The survey, conducted among industry experts, points to an alarming rise in attacks targeting web applications, as well as growing security concerns related to hybrid cloud infrastructures and the utilization of APIs. Furthermore, the study highlights the startling unpreparedness of many organizations to confront these security challenges effectively.
Key findings from the report reveal a significant increase in the frequency of attacks against applications, including bots, APIs, and DDoS attacks. Over the past year, application attacks have skyrocketed, now constituting a staggering 23% of daily attacks, compared to a mere 4% in 2022. Disturbingly, nearly half (46%) of organizations find themselves targeted by web application attacks daily or weekly, with DDoS attacks impacting 31% weekly. The financial implications of a successful application DDoS attack are dire, averaging $6,130 per minute in downtime costs.
As organizations increasingly rely on internally developed and third-party APIs to fuel their modern application strategies, the report underscores a lack of confidence in API security. A concerning 74% of respondents express doubts regarding the protection of their internally developed APIs against security threats, leading to unauthorized data access and potential breaches. Meanwhile, 99% of organizations heavily depend on third-party APIs or code, with 68% using more than 11 third-party APIs for each web application. Despite this widespread reliance, 64% of respondents admit they wouldn't be surprised if they experienced a supply-chain breach through third-party APIs or code.
Haim Zelikovsky, Vice President of Cloud Security Services at Radware, comments on the findings, stating, "Companies continue to admit to looming security challenges and struggle with a lack of readiness when it comes to protecting their applications and infrastructure."
The report also highlights growing concerns about public cloud security. Inconsistencies in security policies have become a significant problem, with 56% of respondents rating it as a concern, up from 26% in 2022. Other areas of concern include protection coverage between platforms (61%), unified visibility (58%), and centralized management (46%).
Lastly, the study reveals that organizations are rethinking their hybrid environments, with approximately 70% using private cloud services and on-premises data centers alongside public cloud platforms. A complex situation emerges as 46% of organizations operate in all three environments simultaneously, emphasizing the need for robust cross-environment administration, management, and security. Contrary to the trend of cloud migration, 73% of organizations not only continue to use on-premises environments but anticipate increased usage in the next 12 months. In the coming year, the consolidation of hosting applications on one or two public cloud platforms is expected.