Web application exploits – ‘biggest cybersecurity risk’: Report

According to new research by The Cyentia Institute, web application exploits are the biggest cybersecurity risk facing organisations today. The conclusion is part of a new F5 Labs research titled The State of the State of Application Exploits in Security Incidents, which is the first of its type.

According to the research, 56 per cent of the most serious cybersecurity events in the last five years may be traced back to a web application issue. The cost of responding to these attacks was more than $7.6bn, accounting for 42 per cent of all financial losses associated with “extreme cyber loss events”. For six of the previous eight years, web application attacks have been the most common type of data leak.

Furthermore, the research found that the average time-to-discovery for incidents involving web application exploits was 254 days, which was substantially longer than the 71-day average for other extreme loss cases analysed.

Read: F5 analysis reveals spikes, shift in cyberattacks following Covid-19 lockdowns

One of the report’s findings was that state-affiliated threat actors were responsible for 57 per cent of all known losses for the biggest web application events in the previous five years. Damages totaled $4.3bn as a result of this.

“All CISOs probably view vulnerability management, access control, and situational awareness as critical aspects of security operations, but in practice these strategies reveal themselves as moving targets,” said Raymond Pompon, director of F5 Labs.