Skip to main content

Web applications have become a security liability

(Image credit: Image Credit: Syda Productions / Shutterstock)

Although fundamental to the workings of many businesses, web applications have become the single greatest cybersecurity threat, research suggests.

A new report from security firm F5 and The Cyentia Institute, based on a range of sources and datasets, asserts that more than half (56%) of the largest security incidents to take place in the last five years were linked with web applications.

Responding to and recovering from these attacks is said to have cost the organizations involved more than $7.6 billion, accounting for 42% of all financial costs resulting from “extreme cyber loss events”.

Worryingly, the average time-to-discovery for security incidents involving web applications sits at 254 days, more than triple the 71-day average across all extreme loss events analysed. Slow response times both minimize the opportunity for businesses to recover effectively and leave security gaps open to further exploitation.

The report suggests most businesses know exactly what they need to do, which boils down to “fix your code, patch your systems, double up on your creds and watch your back(door),” as Cytentia puts it. However, this is easier said than done.

“We were surprised to see that underneath the surface, the ‘state of the state of’ is not one of discontinuity and fragmentation, but one of consensus about the difficulty of execution,” said Raymond Pompon, Director at F5.

“Creating meaningful guidance is challenging because all organizations are slightly different in subtle ways. Because of this, a shift towards a model of security intelligence that is more about how and less about what might inadvertently drive greater technological and operational conformity is expected.”

Joel Khalili is the News and Features Editor at TechRadar Pro, and has been a Staff Writer working across both TechRadar Pro and ITProPortal.