Amid today’s technology-driven, ferociously paced globalisation, one key element of company operations has, for many, become an afterthought: web application security.
It’s little surprise that more and more companies are investing more time and resources into research and development (R&D). The presence of technology such as big data, Internet of Things (IoT) and artificial intelligence (AI) provide companies with unprecedented opportunities to innovate and grow. However, globalisation coupled with this new technology means that competition has never been greater.
This understandably places huge pressure on enterprises to stay ahead of competitors. But many have become so blinkered and innovation-focused that that they have forgotten about something so fundamental: security. The 2018 Trustwave Global Security Report found that 86% of tested applications showed one or more session management vulnerabilities.
The World Economic Forum once again considers cyberattacks to be a top ten risk to global stability in 2020 and it’s clear that this needs to be the year that businesses get back to basics and galvanise their web application security before dreaming big.
As per Imperva, web application security “is the process of protecting websites and online services against different security threats that exploit vulnerabilities in an application’s code.” They outline the most common targets for web application attacks: content management systems (e.g. WordPress), database administration tools (e.g. phpMyAdmin) and SaaS applications.
Gartner claims that “Applications, not the infrastructure, represent the main attack vector for data exfiltration.” They argue that, as organisations lose more control over their infrastructure with trends like mobility and cloud, applications become one of the last control points for imposing the organisation's security policy. Meanwhile, Verizon estimates that over 85% of hacking vectors target web applications.
Businesses surveyed by the IBM-sponsored Ponemon Institute estimated that the total average cost of web application attacks in the Asia-Pacific region over the past 12 months was €2.18 million per company.
Web application security is a big deal.
Web applications are targeted for their high value rewards, including sensitive private data and because of the complexity of their source code which, as per Imperva, “increases the likelihood of unattended vulnerabilities and malicious code manipulation.”
Veracode highlights some of the most common flaws leading to modern data breaches:
When we consider the inherent nature of technology and the fact that most applications exist in a state of constant development, there is no one all-encompassing fix for web application security. However, there are several preventative measures available for companies.
A Web Application Firewall (WAF) helps protect web applications by filtering and monitoring HTTP traffic between a web application and the Internet. By deploying a WAF in front of a web application, Cloudflare describes how “a shield is placed between the web application and the Internet.”
In addition to WAFs, there are several methods for securing web applications. These include: cryptography to secure all data transmissions; using cookies securely; ensuring that authorisation and access control processes are in order; and using malware detection (MD) software.
The Fourth Industrial Revolution (4IR) has brought about profound change, change occurring at a rate which, from a security standpoint, we are not fully prepared for. Companies overlooking security and opting to invest their efforts heavily in AI, blockchain and the likes will be those who take one step forward in the short-term but inevitably fall two steps back further down the line.
Tech Beacon reports that it takes on average 38 days to patch a web application vulnerability regardless of the severity.
Consumer trust has never been so valuable, and security is going to be a key indicator of success. Before enterprises begin to reach for the stars with emerging technologies, they would be well-advised to ensure that their house is in order first. Otherwise, they will be set up to fail.
As digital transformation brings new threats and opportunities, firms must handle them responsibly and securely.