OPSWAT and F5 Survey Reveals Widespread Unpreparedness for Escalating Application Security Threats
OPSWAT and F5 Survey Reveals Widespread Unpreparedness for Escalating Application Security Threats
83% of companies have not fully implemented defense-in-depth strategies, leaving them vulnerable to increasingly sophisticated cyberattacks
83%的公司尚未完全實施深度防禦策略,使其易受越來越複雜的網絡攻擊威脅。
TAMPA, Fla., Sept. 4, 2024 /PRNewswire/ -- OPSWAT, a leader in critical infrastructure protection (CIP), has teamed with F5, the leading multicloud application security and delivery company, on a new survey with Dark Reading, highlighting significant industry concerns among IT and corporate leadership regarding their organization's preparedness to face escalating cyber threats. Many enterprises are challenged with the complexities of web application security, compliance issues, and the perceived lack of support from organizational leadership.
2024年9月4日,佛羅里達坦帕市/美通社——OPSWAT,一家關鍵基礎設施保護(CIP)領先公司,與F5,一家領先的多雲應用安全與交付公司,聯合《Dark Reading》進行了一項新調查,突顯了IT和企業領導層對他們組織應對日益升級的網絡威脅的準備不足的顯著行業擔憂。許多企業面臨着Web應用安全的複雜性、合規問題以及組織領導層支持的缺乏。
The survey, which included responses from IT and corporate leadership, reveals a worrying trend: Over the past year, 35% of respondents reported suffering a malware breach, 28% experienced credential theft or unauthorized account access, and 24% faced a security compromise involving a vendor, contractor, or other third party.
調查涵蓋了IT和企業領導層的回應,揭示了一個令人擔憂的趨勢:過去一年中,35%的受訪者報告遭受了惡意軟件入侵,28%經歷了憑證泄露或未經授權的帳戶訪問,24%面臨了涉及供應商、承包商或其他第三方的安全妥協。
Other key findings from the survey include:
調查的其他重要發現包括:
Challenges in Compliance with Various Regulatory Requirements: Many organizations struggle to maintain compliance with regulatory standards, with only 27% of respondents regularly referencing OWASP for web application security best practices. This contrasts with 53% referencing NIST and 37% referring to CISA guidelines.
各種監管要求合規面臨的挑戰:許多組織在維護合規性方面面臨困難,只有27%的受訪者定期參考OWASP的Web應用安全最佳實踐。而53%參考NISt,37%參考CISA指南。
Perceived Lack of Support from Leadership: IT leaders report feeling under-resourced, with the top concerns preventing them from feeling adequately prepared for security threats being budget shortages, inadequacies in staff training and technical partnerships, disparate security ecosystems and vendors, and a general lack of attention from top management.
領導層的支持不足:IT領導者表示感到資源不足,阻礙他們充分準備應對安全威脅的主要關注點包括預算不足、員工培訓和技術合作夥伴的不足、分散的安全生態系統和供應商以及高層管理的普遍不重視。
Complexity of Web Application Security: The migration and deployment of cloud-hosted web applications have added significant complexity to web application security. For example, compliance remains challenging, particularly in adhering to OWASP requirements before and during production.
Web應用安全的複雜性:雲託管的Web應用的遷移和部署給Web應用安全帶來了重大的複雜性。例如,在生產之前和期間遵循OWASP的要求仍然具有挑戰性。
Lack of Preparedness for Escalating Attacks: A mere 25% of respondents feel their organizations are fully prepared to handle DDoS attacks, which have been on the rise globally. Preparedness for other threats such as Advanced Persistent Threats (APTs), botnets, API security issues, and zero-day malware is even lower.
面對攀升的攻擊,僅有25%的受訪者認爲他們的組織已經完全準備好應對DDoS攻擊。這種攻擊在全球範圍內呈上升趨勢。對於其他威脅,如高級持續威脅(APTs)、殭屍網絡、API安全問題和零日惡意軟件,準備程度甚至更低。
Despite awareness of the necessary strategies, the report highlights a significant gap in implementation. While CISA recommends a defense-in-depth approach—utilizing multiple countermeasures in a layered manner, such as sandboxing, Content Disarm and Reconstruction (CDR), behavior analysis, vulnerability scanning, and security testing—only 17% of organizations have fully implemented these strategies. This leaves 83% of companies vulnerable, lacking the comprehensive, multi-layered security needed to defend against today's sophisticated threats.
儘管意識到必要策略,但報告強調了實施方面的顯著差距。儘管CISA建議採取深層防禦方法-以分層方式使用多種對策,如沙箱技術、內容解析與重構(CDR)、行爲分析、漏洞掃描和安全測試,但只有17%的組織已經全面實施了這些策略。這意味着83%的公司存在漏洞,缺少全面、多層次的安全措施來應對當今複雜的威脅。
"This report is a reminder that the industry is constantly engaged in a catch-up game with threat actors, with cycles of attacks and countermeasures," said George Prichici, VP of Products at OPSWAT. "As cyber threats evolve in complexity and scale, organizations must prioritize a multi-layered security approach. OPSWAT urges organizations to invest in advanced, prevention-based security technologies and ensure their teams are well-trained. In today's dynamic threat landscape, a comprehensive, layered approach to web application security is essential to protect critical infrastructure and safeguard sensitive data."
「這份報告提醒我們,行業與威脅行爲者之間不斷進行趕超遊戲,攻擊和反制循環不已,」 OPSWAt產品副總裁George Prichici說。「隨着網絡威脅複雜性和規模不斷髮展,組織必須優先考慮多層次的安全方法。OPSWAt敦促組織投資於先進的、基於預防的安全技術,並確保他們的團隊接受了充分的培訓。在當今動態的威脅環境中,對Web應用程序安全採取全面、分層的方法對於保護關鍵基礎設施和保障敏感數據至關重要。」
Download the full survey findings and learn how OPSWAT and F5 can assist in enhancing your organization's application security:
下載完整的調查結果,並了解OPSWAt和F5如何幫助提升您的組織的應用安全性:
About OPSWAT
關於OPSWAt
For the last 20 years OPSWAT, a global leader in IT, OT, and ICS critical infrastructure cybersecurity, has continuously evolved an end-to-end solutions platform that gives public and private sector organizations and enterprises the critical advantage needed to protect their complex networks and ensure compliance. Empowered by a "Trust no file. Trust no device." philosophy, OPSWAT solves customers' challenges around the world with zero-trust solutions and patented technologies across every level of their infrastructure, securing their networks, data, and devices, and preventing known and unknown threats, zero-day attacks, and malware. Discover how OPSWAT protects the world's critical infrastructure and helps secure our way of life; visit .
過去20年,OPSWAt是全球領先的IT、OT和ICS關鍵基礎設施網絡安全公司,不斷髮展全方位的解決方案平台,爲公共和私營部門組織和企業提供必要的優勢,以保護其複雜網絡並確保合規性。OPSWAt以「不信任任何文件。不信任任何設備。」的理念爲驅動力,通過在基礎設施的每個層次上使用零信任解決方案和專利技術來解決全球各地客戶的挑戰,保護其網絡、數據和設備,防止已知和未知的威脅、零日攻擊和惡意軟件。了解OPSWAt如何保護世界的關鍵基礎設施並幫助確保我們的生活方式;請訪問 。
F5 is a trademark, service mark, or tradename of F5, Inc., in the U.S. and other countries. All other product and company names herein may be trademarks of their respective owners. The use of the words "partner," "partnership," or "joint" does not imply a legal partnership relationship between F5 and any other company.
F5是F5公司在美國和其他國家的商標、服務標誌或商業名稱。此處所有其他產品和公司名稱可能是其各自所有者的商標。使用"合作伙伴"、"合作關係"或"聯合"等詞並不意味着F5與任何其他公司之間存在法律合作伙伴關係。
Media Contact
Kat Lewis, VP of Global Marketing and Communications
+1.415.590.7300
[email protected]
媒體聯繫人
Kat Lewis,全球營銷和通信副總裁
+1.415.590.7300
[email protected]
SOURCE OPSWAT
出處OPSWAT
譯文內容由第三人軟體翻譯。