Barracuda, a trusted partner and leading provider of cloud-enabled security solutions, today released key findings from a report titled The state of application security in 2021. Commissioned by Barracuda, the research surveyed 750 application security decision makers responsible for their organization’s application development and security to get their perspectives on data breaches, top application security vulnerabilities, and the most important product capabilities needed to defend against multi-vector application attacks.
Overall, the findings indicate that more needs to be done to protect against application security threats, particularly newer threats like bot attacks, API attacks, and supply chain attacks. Highlights from the report include:
- On average, respondent organizations were successfully breached twice in the past 12 months as a direct result of an application vulnerability.
- 72% of respondents say their organization suffered at least one breach from an application vulnerability.
- 32% say their organization suffered two breaches due to an applications vulnerability.
- 14% were breached three times for due to application vulnerabilities.
- The range of application security-related challenges facing organizations extends beyond difficulties securing multiple attack vectors.
- Respondents identified their top application security challenges as bad bots (43%), software supply chain attacks (39%), vulnerability detection (38%), and securing APIs (37%).
- Respondents identified their top application security challenges as bad bots (43%), software supply chain attacks (39%), vulnerability detection (38%), and securing APIs (37%).
- Bot-based attacks are the most likely contributor to successful security breaches resulting from application vulnerabilities in the past 12 months.
- 44% of respondents say bot attacks contributed to a successful security breach that exploited a vulnerability in the organization’s applications in the last 12 months.
“Applications have been steadily rising as one of the top attack vectors in recent years, and the rapid shift to remote work in 2020 only intensified this,” said Tim Jefferson, SVP, Engineering for Data, Networks and Application Security, Barracuda. “Organizations are struggling to keep up with the pace of these attacks, particularly newer threats like bot attacks, API attacks, and supply chain attacks, and they need help filling these gaps effectively.”
The survey, conducted by independent market researcher Vanson Bourne, includes responses from 750 application security decision makers responsible for their organization’s application development and security. They came from organizations in companies with 500 or more employees in the U.S., EMEA, and APAC.