Reblaze Publishes Results of New Survey: Most Organizations Still Aren’t Prepared to Defend Against Certain Common Attacks
New global survey of security professionals examines the latest and greatest threats and how organizations are arming themselves heading into 2022
SAN JOSE, Calif. – Jan. 27, 2022 – Reblaze, a leading cloud native, fully managed application security solution provider, today announced the results of the “2022 State of Web Security Survey,” a global survey of 300 security professionals, to better understand how organizations are approaching web security as we enter a new year. Commissioned by Reblaze and conducted by Global Surveyz, the research focused on the greatest threats organizations faced last year, and their strategies for 2022.
“The number and types of cyber threats we detect today are unprecedented in terms of both scale and sophistication,” said Ziv Oren, CEO of Reblaze. “Unfortunately, it seems that many organizations have fallen behind in maintaining effective defenses. For example, although attack bots are used in multiple types of cyberattacks, half of the security professionals that were surveyed admitted that they didn’t know the extent of bot activity in their applications, and of the remaining respondents, most of them underestimated the scope of the threat. Clearly, organizations that can’t fully detect hostile activity also cannot block it. The good news is that most of the respondents also have plans to modernize their security tools and strategies, with strong growth predicted across several technology categories, especially in cloud-based security that’s built on high visibility capabilities and machine learning and AI.”
Key findings include:
The Most Common Attack of 2021 was DDoS: DDoS was the most common attack in 2021, with 50% of respondents reporting DDoS attempts. For most regions, SQL injection was next at 38%, and ransomware was the third most common attack at 29%. However, in the US there is a more severe ransomware problem, and 40% of the US respondents were targeted by ransomware attacks in 2021.
Cloud-Based Security is Growing: Companies have embraced cloud-based security technologies with 64% of respondents reporting they now use a native WAF from their cloud provider, while third-party WAFs and Unified Solutions are also popular, at 41% and 24% respectively. This reliance is growing, as 59% of respondents plan to adopt more cloud security solutions in 2022.
Non-Traditional Security Technologies Are Becoming Important: Seventy-two percent of companies consider it very important to secure the OWASP Top 10 vulnerabilities — most of which are longstanding issues within web security. However, companies are also seeking other new types of defenses. Ninety-nine percent of respondents consider Adaptive Protection to be important, followed by API security at 98%.
Most Companies Have Inadequate Defenses Against Hostile Bots: Modern attack bots have become quite sophisticated and are difficult to detect for most security solutions that lack proper visibility. While 50% of respondents have no idea about the percentage of hostile bots in their traffic, the other half think they know, but tend to radically underestimate the number, at an average of 6.2%. In reality, the percentage of hostile bots across web traffic is closer to 26%.
The Fastest-Growing Security Technologies Are Bot Solutions and Unified Solutions: With so many companies unable to accurately ascertain the composition of incoming traffic, it’s no surprise that the security technology with the highest expected growth rate is Dedicated Bot Solutions. Various sizes of companies report increased usage of between 133% and 214% in 2022 over their current rates. The second-highest growth item is Unified Solutions — all-in-one platforms that include a variety of tools — where companies expect usage rates of up to 150% over 2021 levels.
The 2022 State of Web Security survey was conducted by Global Surveyz and commissioned by Reblaze. Respondents included 300 security professionals ranging from CISOs and CIOs to professionals working in Information Security, DevOps and DevSecOps teams from organizations of all sizes throughout the US, EU, and APAC.
Founded in 2011, Reblaze is a cloud-native WAAP (Web Application and API Protection) platform, leveraging innovative technologies for securing sites, services, applications, and APIs.
Reblaze is a cloud-based, fully managed security solution provider for sites, web applications, services, and APIs. Its unified and proprietary technology solution is fully integrated with AWS, Azure, Google, and Digital Ocean, and combines Machine Learning, adaptive threat detection, and dedicated Virtual Private Clouds to protect client assets from Internet threats. It offers next-gen WAF, autoscaling DoS/DDoS protection, Bot Management, API Security, CDN integration, real-time traffic control, and more via its intuitive web-based management console. Biometric human detection and Behavioral Analysis identifies and blocks even sophisticated modern bots that mimic human actions and can evade traditional bot mitigation solutions. In addition to its international partner network, Reblaze has offices in the U.S., Singapore, and Israel.