- 31% of organizations experience DDoS attacks on a weekly basis
- 46% of organizations see web application attacks on a daily or weekly basis
- 66% of organizations would not be very surprised if their APIs were breached tomorrow
Radware® (NASDAQ: RDWR), a leading provider of cyber security and application delivery solutions, today released its new report, Application Security in a Multi-Cloud World 2023. The survey, which was conducted with Osterman Research, reveals the escalation of threats against web applications and increased security concerns about hybrid cloud infrastructures and API usage. At the same time, organizations struggle with low levels of security preparedness.
KEY FINDINGS
Frequency of Application Attacks Rise
The report reveals a surge in the frequency of bot, application, API, and DDoS attacks against applications over the past 12 months. During the past year, application attacks have become the most frequently occurring attack on a daily basis, jumping from 4% in 2022 to 23% in 2023.
- Almost half of organizations (46%) experience web application attacks daily or weekly.
- Nearly one third (31%) of organizations face DDoS attacks weekly.
- Downtime due to a successful application DDoS attack costs organizations an average of $6,130 per minute.
Lack of Confidence Plagues Increased API Usage
While the use of internally developed and third-party APIs may be inextricably tied to core business processes, outcomes, and thus measures of business success, they are also a cause for anxiety for most organizations.
- More than 87% of organizations report they are developing and using more APIs as an essential element of their modern application strategy. Yet, nearly three out of four respondents (74%) lack confidence that their internally developed APIs are protected against security threats that lead to unauthorized data access, exposure of application logic, and data breaches.
- Nearly all organizations (99%) make extensive use of third-party APIs or code, with 68% using more than 11 third-party APIs for each web application. Despite widespread usage, 64% of respondents would not be very surprised if they experienced a supply-chain breach via third-party APIs or code tomorrow.
“Companies continue to admit to looming security challenges and struggle with a lack of readiness when it comes to protecting their applications and infrastructure,” said Haim Zelikovsky, vice president of cloud security services at Radware. “Threats against applications are increasing in frequency and severity. Compounding these threats is marked concern over multi-cloud security, the weak protection of internally developed and third-party APIs, and subpar defenses against application DDoS attacks.”
Public Cloud Security Takes a Hit
Between 2022 and 2023, the survey shows a marked increase in concern over public cloud security. The inability to achieve consistent security policies surfaced as the problem that grew the most during the last year. In 2023, more than half of respondents (56%) rated inconsistent security policies a problem or extreme problem, up from 26% in 2022. Other areas respondents ranked as problems or extreme problems include:
- Protection coverage between platforms: 61% in 2023 compared to 38% in 2022
- Unified visibility: 58% in 2023, up from 41% in 2022
- Centralized management: 46% in 2023, compared to 34% in 2022
Companies Rethink Hybrid Environments
While every organization relies on at least one public cloud platform, approximately 70% also report using private cloud services and on-premises data centers for hosting applications.
- Almost half (46%) of organizations use all three environments in parallel, creating a complex situation where strong cross-environment administration, management, and security are essential.
- Despite the ongoing discussion about “the great cloud migration” and the abandonment of on-premises environments, approximately three quarters (73%) of organizations not only still use these environments but expect usage to increase in the next 12 months.
- During the next 12 months, the use of public clouds for hosting applications is expected to consolidate around one or two public clouds.
Methodology
The survey includes responses from senior DevOps and DevSecOps administrators, application and cloud security architects, senior network security administrators, vice presidents of research and development, among other security roles. It was conducted in 10 countries across the Americas, APAC, EMEA, and LATAM.
The complete Application Security in a Multi-Cloud World 2023 report can be downloaded here.
About Radware
Radware® (NASDAQ: RDWR) is a global leader of cyber security and application delivery solutions for physical, cloud, and software defined data centers. Its award-winning solutions portfolio secures the digital experience by providing infrastructure, application, and corporate IT protection, and availability services to enterprises globally. Radware’s solutions empower enterprise and carrier customers worldwide to adapt to market challenges quickly, maintain business continuity, and achieve maximum productivity while keeping costs down. For more information, please visit the Radware website.
Radware encourages you to join our community and follow us on: Facebook, LinkedIn, Radware Blog, Twitter, YouTube, and Radware Mobile for iOS and Android.
©2023 Radware Ltd. All rights reserved. Any Radware products and solutions mentioned in this press release are protected by trademarks, patents, and pending patent applications of Radware in the U.S. and other countries. For more details, please see: https://www.radware.com/LegalNotice/. All other trademarks and names are property of their respective owners.
THIS PRESS RELEASE AND THE RADWARE APPLICATION SECURITY IN A MULTI-CLOUD WORLD REPORT ARE PROVIDED FOR INFORMATIONAL PURPOSES ONLY. THESE MATERIALS ARE NOT INTENDED TO BE AN INDICATOR OF RADWARE'S BUSINESS PERFORMANCE OR OPERATING RESULTS FOR ANY PRIOR, CURRENT, OR FUTURE PERIOD.
Radware believes the information in this document is accurate in all material respects as of its publication date. However, the information is provided without any express, statutory, or implied warranties and is subject to change without notice.
The contents of any website or hyperlinks mentioned in this press release are for informational purposes and the contents thereof are not part of this press release.
Safe Harbor Statement
This press release includes “forward-looking statements” within the meaning of the Private Securities Litigation Reform Act of 1995. Any statements made herein that are not statements of historical fact, including statements about Radware’s plans, outlook, beliefs, or opinions, are forward-looking statements. Generally, forward-looking statements may be identified by words such as “believes,” “expects,” “anticipates,” “intends,” “estimates,” “plans,” and similar expressions or future or conditional verbs such as “will,” “should,” “would,” “may,” and “could.” For example, when we say that during the next 12 months, the use of public clouds for hosting applications is expected to consolidate around one or two public clouds, we are using a forward-looking statement. Because such statements deal with future events, they are subject to various risks and uncertainties, and actual results, expressed or implied by such forward-looking statements, could differ materially from Radware’s current forecasts and estimates. Factors that could cause or contribute to such differences include, but are not limited to: the impact of global economic conditions and volatility of the market for our products; the effects of the current attacks by the terrorist groups Hamas and Hezbollah, and the war between Israel and Hamas and Israel and Hezbollah; natural disasters and public health crises, such as the coronavirus disease 2019 (COVID-19) pandemic; a shortage of components or manufacturing capacity could cause a delay in our ability to fulfill orders or increase our manufacturing costs; our business may be affected by sanctions, export controls, and similar measures, targeting Russia and other countries and territories, as well as other responses to Russia’s military conflict in Ukraine, including indefinite suspension of operations in Russia and dealings with Russian entities by many multi-national businesses across a variety of industries; our ability to successfully implement our strategic initiative to accelerate our cloud business; our ability to expand our operations effectively; timely availability and customer acceptance of our new and existing solutions; risks and uncertainties relating to acquisitions or other investments; the impact of economic and political uncertainties and weaknesses in various regions of the world, including the commencement or escalation of hostilities or acts of terrorism; intense competition in the market for cyber security and application delivery solutions and in our industry in general, and changes in the competitive landscape; changes in government regulation; outages, interruptions, or delays in hosting services or our internal network system; compliance with open source and third-party licenses; the risk that our intangible assets or goodwill may become impaired; our dependence on independent distributors to sell our products; long sales cycles for our solutions; changes in foreign currency exchange rates; undetected defects or errors in our products or a failure of our products to protect against malicious attacks; the availability of components and manufacturing capacity; the ability of vendors to provide our hardware platforms and components for our main accessories; our ability to protect our proprietary technology; intellectual property infringement claims made by third parties; changes in tax laws; our ability to realize our investment objectives for our cash and liquid investments; our ability to attract, train, and retain highly qualified personnel; and other factors and risks over which we may have little or no control. This list is intended to identify only certain of the principal factors that could cause actual results to differ. For a more detailed description of the risks and uncertainties affecting Radware, refer to Radware’s Annual Report on Form 20-F, filed with the Securities and Exchange Commission (SEC), and the other risk factors discussed from time to time by Radware in reports filed with, or furnished to, the SEC. Forward-looking statements speak only as of the date on which they are made and, except as required by applicable law, Radware undertakes no commitment to revise or update any forward-looking statement in order to reflect events or circumstances after the date any such statement is made. Radware’s public filings are available from the SEC’s website at www.sec.gov or may be obtained on Radware’s website at www.radware.com.