Organizations lack confidence in security strategies, reveals OPSWAT survey

News Desk -

Share

OPSWAT has published its 2023 State of Web Application Security report, presenting the results of an online survey conducted among more than 400 executives, managers, and senior contributors. The report sheds light on the evolving landscape of web applications and cloud infrastructure, highlighting a significant disparity: Despite 75% of organizations making notable progress in upgrading their infrastructure, including the adoption of public cloud hosting and containerization, and with 78% increasing their security budgets, only 2% of industry experts feel confident in their security strategies.

In response to the ever-changing environment of web application security, organizations are continuously striving to adapt and strengthen their infrastructure, particularly due to the rise of hybrid work environments. Seeking enhanced productivity and scalable solutions, a majority of organizations have embraced public cloud hosting, with a staggering 97% either currently utilizing or planning to implement containerization.

Moreover, the implementation of applications utilizing storage services has increased alongside these infrastructure improvements, leading to concerns regarding file-based malware.

Key findings from the research include:

– 62% of organizations rely on five or fewer antivirus (AV) engines to detect malicious file uploads. Increasing the number of engines deployed can substantially enhance an organization’s defense against advanced malware.

– Content Disarm and Reconstruction (CDR) is more prevalent among larger organizations. This trend can be attributed to the higher volume of files handled by these organizations, rendering them more vulnerable to cyberattacks. However, small and medium-sized organizations can also benefit significantly from adopting CDR as a proactive measure against evolving cyber threats.

– Additional prevention-based approaches could benefit 98% of organizations. These approaches encompass periodic analysis of all file repositories in web applications to detect malware, identification of vulnerabilities in running virtual machine containers, and prevention of data exfiltration through redaction or blocking of sensitive data.

Yiyi Miao, Chief Product Officer at OPSWAT, emphasized the importance of organizations understanding that infrastructure upgrades alone are insufficient to ensure robust security. Miao stated that it is crucial to establish a proactive defense strategy that goes beyond traditional measures. By adopting and combining advanced threat prevention technologies such as multi-AV scanning, CDR, DLP, and dynamic threat analysis, organizations can effectively establish multiple lines of defense against both known and emerging threats, safeguarding their critical infrastructure.