Survey reveals 83% of organisations lack robust cyber defences

A recent survey by OPSWAT, in collaboration with F5, has unveiled significant gaps in the preparedness of organisations to tackle escalating application security threats. The findings highlight several vulnerabilities in the current cyber defence strategies employed by companies, with 83% of organisations yet to fully implement a defence-in-depth approach.

The survey targeted IT and corporate leadership and brought to light the frequency and types of cyberattacks faced over the past year. Notably, 35% of respondents reported malware breaches, 28% experienced credential theft or unauthorised account access, and 24% encountered security compromises involving vendors, contractors, or other third parties.

Additionally, the survey illustrated the challenges that organisations face in maintaining compliance with regulatory requirements. Only 27% of the surveyed companies regularly reference the OWASP for web application security best practices, in stark contrast to 53% who refer to NIST guidelines and 37% who follow CISA recommendations.

Respondents also pointed out a perceived lack of support from organisational leadership. Budget shortages, inadequacies in staff training, technical partnerships, disparate security ecosystems, and a general lack of attention from top management were identified as key factors preventing comprehensive cyber threat preparedness.

The complexities of web application security were also detailed, particularly the increased challenges brought on by the migration and deployment of cloud-hosted web applications. Compliance issues were cited as a recurring challenge, with adherence to OWASP requirements proving difficult both before and during production phases.

Preparedness for specific types of threats appears to be critically low. Only 25% of respondents feel that their organisations are fully prepared to handle Distributed Denial of Service (DDoS) attacks. Preparedness for other threats, such as Advanced Persistent Threats (APTs), botnets, API security issues, and zero-day malware, was reported to be even lower.

The report also highlights a significant gap between awareness and implementation of necessary cyber defence strategies. Though the Cybersecurity and Infrastructure Security Agency (CISA) advocates for a defence-in-depth approach — utilising multiple countermeasures such as sandboxing, Content Disarm and Reconstruction (CDR), behaviour analysis, vulnerability scanning, and security testing — only 17% of organisations have successfully implemented these strategies. As a result, a considerable 83% remain vulnerable to sophisticated cyber threats.

George Prichici, Vice President of Products at OPSWAT, underscored the urgent need for a multi-layered security approach. "This report is a reminder that the industry is constantly engaged in a catch-up game with threat actors, with cycles of attacks and countermeasures," said Prichici. "As cyber threats evolve in complexity and scale, organisations must prioritise a multi-layered security approach. OPSWAT urges organisations to invest in advanced, prevention-based security technologies and ensure their teams are well-trained. In today's dynamic threat landscape, a comprehensive, layered approach to web application security is essential to protect critical infrastructure and safeguard sensitive data."