A recent study report points out that 100 percent of web applications are vulnerable to attack, despite the billions that companies would spend on cybersecurity efforts. Trustwave’s eleventh annual Global Security Report, released last week, says that companies would spend an estimated $96 billion on cybersecurity in 2018, yet 100 percent of web applications would remain vulnerable to cyber attacks.
In a detailed article on the Trustwave Global Security Report, TechRepublic writer Alison DeNisco Rayome says: “The report examined how the cyber threat landscape has evolved in the past decade. In 2008, the largest cyber threats were opportunistic, with attackers trying to steal money, payment card data, and login credentials from as many people as possible by targeting a large, indiscriminate group. Today, hackers launch sophisticated, highly-targeted attacks to breach networks of their victims, the report noted.”
Drawing on the Trustwave report, Alison DeNisco Rayome also discusses the surge in vulnerabilities over the last decade and the reasons for it. She writes: “Unsurprisingly, vulnerabilities saw a sharp surge over the past 10 years, ramping up in 2012, the report found. This is due in part to the number of internet users doubling in that time frame, and the fact that both security researchers and criminals now actively look for—and for the latter, sell—vulnerabilities on the dark web.”
In 2017, as part of its study, Trustwave scanned many web applications, and every application scanned displayed at least one vulnerability, as per the study report. The median number of vulnerabilities that Trustwave experts detected per application was 11, and the majority of the vulnerabilities found (86%) involved session management. As per the report, only 8 percent of the vulnerabilities could be seen as high-risk.
The study report also found a significant increase in the number of attacks on networked devices over the past decade. The report attributes this to the growing vulnerability of these devices, which stems from a lack of hardening in their software and the difficulty of distributing software updates.
The Trustwave study report contains some good news too. The most notable finding is that spam appears to be declining. While 87 percent of all incoming mail monitored by Trustwave in 2009 was spam, the figure has now gone down to less than 40 percent. Spam today is mostly used by a very small number of cybercriminals who seek to distribute malware via botnets, as per the Trustwave report. The study also found that PDF files are increasingly being used as a delivery method for phishing attacks, which work by tricking victims into clicking a link in the PDF that takes them to a malicious website.
The findings of the Trustwave Global Security Report need to be analyzed further in today’s context and taken seriously. Such findings would definitely be of great help in devising and implementing better cybersecurity strategies.
How Severe Are The Vulnerabilities In Most Web Applications?