Radware® (NASDAQ:RDWR), a leading provider of cyber security and
application delivery solutions, released a new study today titled
Radware Research: Web Application Security in a Digitally Connected
World. The report takes an in-depth look into how organizations
protect their web applications, and identifies clear gaps in
security among common DevOps practices, highlights top attack types
and vectors, as well as identifies key areas of risk and concern.
The research, which focused on such highly targeted industries
as retail, healthcare and financial services, exposes the
proliferation of bot-driven Web traffic and its impact on
organizations’ application security. In fact, bots conduct more
than half (52%) of all Internet traffic flow. For some
organizations, bots represent more than 75% of their total traffic.
This is a significant finding considering one-in-three (33%)
organizations cannot distinguish between ‘good’ bots and ‘bad’
ones.
The report also found that nearly half (45%) of respondents had
experienced a data breach in the last year, and 68% are not
confident they can keep corporate information safe. What’s more,
companies often leave sensitive data under-protected. In fact, 52%
do not inspect the traffic that they transfer to-and-from APIs, and
56% do not have the ability to track data once it leaves the
company.
Any organization that collects information on European citizens
will soon be required to meet the strict data privacy laws imposed
by General Data Protection Regulations (GDPR). These
regulations take effect in May 2018. However, with less than a year
until the due date, 68% of organizations are not confident they
will be ready to meet these requirements in time.
“It’s alarming that executives at organizations with sensitive
data from millions of consumers collectively don’t feel confident
in their security,” said Carl Herberger, Vice President of Security
Solutions at Radware. “They know the risks, but blind spots
continue to pose a threat. Until companies get a handle on where
their vulnerabilities are and take steps to protect them, major
attacks and data breaches will continue to make headlines.”
According to Dr. Larry Ponemon, "This report clearly shows that
pressure to continuously deliver application services limits
DevOps' ability to ensure web application security at various
stages in the SDLC."
Key Survey Findings Include:
- Application security is an afterthought.
Everyone wants the full automation and agility that the continuous
delivery model of app development provides. Half (49%) of the
respondents currently use the continuous delivery of application
services and another 21% plan to adopt it within the next 12-24
months. However, continuous delivery can compound the security
challenges of app development: 62% reckon it increases the attack
surface and approximately half say that they do not integrate
security into their continuous delivery process.
- Bots are taking over. Bots are the backbone of
online retail today. Retailers use bots for price aggregation
sites, electronic couponing, chatbots, and more. In fact, 41% of
retailers reported that more than 75% of their traffic comes from
bots, yet 40% still cannot distinguish between “good” and “bad”
bots. Malicious bots are a real risk. Web scraping attacks plague
retailers by stealing intellectual property, undercutting prices,
holding mass inventory in limbo, and buying out inventory to resell
goods through unauthorized channels at markup. But bots are not the
exclusive problem of retailers. In healthcare, where 42% of traffic
is from bots, only 20% of IT security execs were certain they could
identify the “bad” ones.
- API security is often overlooked. Some 60% of
organizations both share and consume data via APIs, including
personally identifiable information, usernames/passwords, payment
details, medical records, etc. Yet 52% don’t inspect the data that
is being transferred back and forth via their APIs, and 51% don’t
perform any security audits or analyze API vulnerabilities prior to
integration.
- Holidays are high risk for retailers.
Retailers face two distinct but highly damaging threats during the
holidays: outages and data breaches. Web outages during the holiday
season, when retailers make most of their profits, could have
disastrous financial consequences. Yet more than half (53%) are not
confident in their ability to provide 100% uptime of their
application services. High-demand periods like Black Friday and
Cyber Monday also spell trouble for customer data: 30% of retailers
suggest they lack the ability to secure sensitive data during these
periods.
- Patient healthcare data is at risk. Just 27%
of healthcare respondents have confidence they could safeguard
patients’ medical records, even though nearly 80% are required to
comply with government regulations. Patching systems is critical to
an organization’s security and its ability to mitigate today’s
leading threats, but some 62% of healthcare respondents have little
or no confidence in their organization’s ability to rapidly adopt
security patches and updates without compromising operations. More
than half (55%) of healthcare organizations said they had no way to
track data shared with a third party after it left the corporate
network. Healthcare organizations are particularly unlikely to
monitor the Darknet for stolen data, with 37% saying they did so,
compared to 56% in financial services, and 48% in retail.
- Multiple touchpoints equal higher risk. The
rise of new financial technology (like mobile payments) has
increased the access and volume of engagement with consumers,
which, in turn, increases the number of access points with
vulnerabilities and expands the risk security executives face.
While 72% of financial services organizations share usernames and
passwords and 58% share payment details via APIs, 51% do not
encrypt that traffic, potentially exposing valuable customer data
in transit.
The survey, conducted by Ponemon Research on behalf of Radware,
included responses from more than 600 chief information security
officers and other security leaders across retail, healthcare, and
financial services in six continents.
To read the full report on the survey’s findings, download
Radware Research: Web Application Security in a Digitally Connected
World Report.
THIS PRESS RELEASE AND THE REPORT ARE PROVIDED
FOR INFORMATIONAL PURPOSES ONLY. THESE MATERIALS ARE NOT INTENDED
TO BE AN INDICATOR OF RADWARE'S BUSINESS PERFORMANCE OR OPERATING
RESULTS FOR ANY PRIOR, CURRENT OR FUTURE PERIOD.
About Radware
Radware® (NASDAQ:RDWR), is a global leader of application
delivery and cyber security solutions for virtual, cloud and
software defined data centers. Its award-winning solutions
portfolio delivers service level assurance for business-critical
applications, while maximizing IT efficiency. Radware’s solutions
empower more than 10,000 enterprise and carrier customers worldwide
to adapt to market challenges quickly, maintain business continuity
and achieve maximum productivity while keeping costs down. For more
information, please visit www.radware.com.
Radware encourages you to join our community and follow us on:
Facebook, Google+, LinkedIn, Radware Blog, SlideShare, Twitter,
YouTube, Radware Connect app for iPhone® and our security center
DDoSWarriors.com that provides a comprehensive analysis on
DDoS attack tools, trends and threats.
©2017 Radware Ltd. All rights reserved. Radware and all other
Radware product and service names are registered trademarks or
trademarks of Radware in the U.S. and other countries. All other
trademarks and names are property of their respective owners. The
Radware products and solutions mentioned in this press release are
protected by trademarks, patents and pending patent applications.
For more details please see:
https://www.radware.com/LegalNotice/
Safe Harbor Statement
This press release may contain statements
concerning Radware’s future prospects that are “forward-looking
statements” under the Private Securities Litigation Reform Act of
1995. Statements preceded by, followed by, or that otherwise
include the words "believes", "expects", "anticipates", "intends",
"estimates", "plans", and similar expressions or future or
conditional verbs such as "will", "should", "would", "may" and
"could" are generally forward-looking in nature and not historical
facts. For example, when we say “Until companies get a handle on
where their vulnerabilities are and take steps to protect them,
major attacks and data breaches will continue to make headlines,”
we are making a forward looking statement. Because such statements
deal with future events, they are subject to various risks and
uncertainties and actual results, expressed or implied by such
forward-looking statements, could differ materially from Radware's
current forecasts and estimates. Factors that could cause or
contribute to such differences include, but are not limited to: the
impact of global economic conditions and volatility of the market
for our products; changes in the competitive landscape; inability
to realize our investment objectives; timely availability and
customer acceptance of our new and existing products; risks and
uncertainties relating to acquisitions; the impact of economic and
political uncertainties and weaknesses in various regions of the
world, including the commencement or escalation of hostilities or
acts of terrorism; Competition in the market for Application
Delivery and Network Security solutions and our industry in general
is intense; and other factors and risks on which we may have little
or no control. This list is intended to identify only certain of
the principal factors that could cause actual results to differ.
For a more detailed description of the risks and uncertainties
affecting Radware, reference is made to Radware’s Annual Report on
Form 20-F, as amended, which is on file with the Securities and
Exchange Commission (SEC) and the other risk factors discussed from
time to time by Radware in reports filed with, or furnished to, the
SEC. Forward-looking statements speak only as of the date on which
they are made and, except as required by applicable law, Radware
undertakes no commitment to revise or update any forward-looking
statement in order to reflect events or circumstances after the
date any such statement is made. Radware’s public filings are
available from the SEC’s website at www.sec.gov or may be obtained
on Radware’s website at www.radware.com.
Media Contacts:Deborah
SzajngartenRadware201-785-3206deborah.szajngarten@radware.com
Investor Relations:Anat
Earon-Heilborn+972 723917548ir@radware.com
RADWARE (NASDAQ:RDWR)
Historical Stock Chart
From Mar 2024 to Apr 2024
RADWARE (NASDAQ:RDWR)
Historical Stock Chart
From Apr 2023 to Apr 2024