Despite the ongoing concern over security, a recent study by cybersecurity vendor Radware found that organizations are still being hacked at an alarming rate.
Radware's second annual 2018 State of Web Application Security report found that at least 89% of the survey respondents have experienced attacks against web applications or web servers over the past 12 months. The study also revealed that most organizations (67%) believed that hackers could still penetrate their networks.
Also, encrypted web attacks increased from 12% last year to 50% this year, Radware reported. A majority of the respondents (59%) said they were under daily or weekly attacks.
“While organizations are recognizing they are under attack, often they’re discovering the breach only after pertinent information has been leaked,” said Radware's Carl Herberger, vice president of security solutions, in a prepared statement. “With today’s evolving threat landscape, organizations still need to be vigilant in equipping themselves to deal with increasing attack frequency and complexity.”
APIs are a particular Achilles' heel for security. The study found that while 82% of the organizations used API gateways to share information or consume data, there's a decided lack of security around the API themselves. Among the survey respondents, 70% don't require authentication from third-party APIs while 62% don't encrypt data sent by APIs. A third of the respondents allow third-parties to perform actions, which opens the door to additional security threats.
The lack of proper security measures is costly. As a result of data breaches, 52% said their customers asked for compensation, 46% reported "major reputation loss," and 35% reported customer churn. The study found that 34% of the respondents suffered drops in their stock prices while 31% took legal action, and 23% said executives were let go.
Radware commissioned Merrill Research for the study, which included surveying 301 executives and IT professionals around the globe.