CIO Influence
CIO Influence News Cloud Security

OPSWAT and F5 Survey Reveals Widespread Unpreparedness for Escalating Application Security Threats

OPSWAT and F5 Survey Reveals Widespread Unpreparedness for Escalating Application Security Threats

83% of companies have not fully implemented defense-in-depth strategies, leaving them vulnerable to increasingly sophisticated cyberattacks

OPSWAT, a leader in critical infrastructure protection (CIP), has teamed with F5, the leading multicloud application security and delivery company, on a new survey with Dark Reading, highlighting significant industry concerns among IT and corporate leadership regarding their organization’s preparedness to face escalating cyber threats. Many enterprises are challenged with the complexities of web application security, compliance issues, and the perceived lack of support from organizational leadership.

The survey, which included responses from IT and corporate leadership, reveals a worrying trend: Over the past year, 35% of respondents reported suffering a malware breach, 28% experienced credential theft or unauthorized account access, and 24% faced a security compromise involving a vendor, contractor, or other third party.

Also Read: CIO Influence Interview with Mehdi Daoudi, CEO of Catchpoint

Other key findings from the survey include:

Challenges in Compliance with Various Regulatory Requirements: Many organizations struggle to maintain compliance with regulatory standards, with only 27% of respondents regularly referencing OWASP for web application security best practices. This contrasts with 53% referencing NIST and 37% referring to CISA guidelines.

Perceived Lack of Support from Leadership: IT leaders report feeling under-resourced, with the top concerns preventing them from feeling adequately prepared for security threats being budget shortages, inadequacies in staff training and technical partnerships, disparate security ecosystems and vendors, and a general lack of attention from top management.

Complexity of Web Application Security: The migration and deployment of cloud-hosted web applications have added significant complexity to web application security. For example, compliance remains challenging, particularly in adhering to OWASP requirements before and during production.

Lack of Preparedness for Escalating Attacks: A mere 25% of respondents feel their organizations are fully prepared to handle DDoS attacks, which have been on the rise globally. Preparedness for other threats such as Advanced Persistent Threats (APTs), botnets, API security issues, and zero-day malware is even lower.

Despite awareness of the necessary strategies, the report highlights a significant gap in implementation. While CISA recommends a defense-in-depth approach—utilizing multiple countermeasures in a layered manner, such as sandboxing, Content Disarm and Reconstruction (CDR), behavior analysis, vulnerability scanning, and security testing—only 17% of organizations have fully implemented these strategies. This leaves 83% of companies vulnerable, lacking the comprehensive, multi-layered security needed to defend against today’s sophisticated threats.

Listen Now: Key benefits of Intel vPro and why it’s an IT team’s dream platform!

“This report is a reminder that the industry is constantly engaged in a catch-up game with threat actors, with cycles of attacks and countermeasures,” said George Prichici, VP of Products at OPSWAT. “As cyber threats evolve in complexity and scale, organizations must prioritize a multi-layered security approach. OPSWAT urges organizations to invest in advanced, prevention-based security technologies and ensure their teams are well-trained. In today’s dynamic threat landscape, a comprehensive, layered approach to web application security is essential to protect critical infrastructure and safeguard sensitive data.”

Also Read: Decentralized Autonomous Organizations: What IT Leaders Must Know

[To share your insights with us as part of editorial or sponsored content, please write to psen@itechseries.com]

Related posts

Nokia Upgrades Bouygues Telecom’s IP Network for Increased Capacity and Energy Efficiency

GlobeNewswire

SingleStore Announces World’s Only Hybrid Multi-cloud, Unified Analytical and Transactional Database

CIO Influence News Desk

Cybersecurity for AI Solutions Provider TrojAI Inc. Closes $3Million Seed Round