A new report, the Hiscox Cyber Readiness Report 2021, surveyed over 6,000 companies in the U.S. and Europe and found that the number of businesses targeted by cyber criminals in the past year increased from 38 percent to 43 percent, with 28 percent of those targeted, experiencing five or more attacks. A consequence of the increased attacks has been the financial impact to the organizations, with 17 percent saying the financial hit materially threatened the company’s future. Attacks had a higher financial impact to smaller organizations, and 5 percent of organizations reported costs of over $300,000 or more for a cyber attack.
The report is in its fifth year. One positive piece of news to come from the report was that spending on cyber security has increased, in some cases more than doubling the last 2 years.
This report is a good reminder to organizations to revisit their security measures for their public facing web applications and application workloads.
Take a Page from NIST to Improve Application Security
There are a number of simple measures an organization can take to improve their web application security stance. First starts at the very beginning of application development, and that’s making sure developers take security into consideration when developing and coding applications. Second, is making sure that software and operating systems are kept up to date, with the latest updates and patches to ensure known vulnerabilities that have patches are not exploited.
In addition to these two fundamental starts to application security, there’s still a need to ensure security for web applications running in production, especially against threats either missed or not typically secured by network or system level security. The OWASP Top 10 Web Application Security Risks are a great example of risks that aren’t typically protected with network or system level security.
It is important to remember to have a security framework that offers a defense-in-depth architecture. Maybe it’s time to take a hint from the recent finalization of the National Institute of Standards and Technology (NIST)’s SP800-53 that was just released on September 23, 2020. The new security and privacy framework standard now requires Runtime Application Self-Protection (RASP) and Interactive Application Security Testing (IAST) as added layers of security in the framework.
Change how you protect your applications, and check out K2’s web application and application workload security solutions and evaluate K2’s effectiveness at detecting vulnerabilities and protecting your organization from attacks.