New data protection laws are cropping up at every pace, as cybercriminals continue to hone their infiltration techniques while the number of data breaches reported by businesses big and small continues to be on the rise.
Threatened with hefty fines if caught off guard, businesses leave a lot to be desired when it comes to protecting the data they collect and process, as well as their individual applications and infrastructure. And if a new study is any indication, businesses are severely underprepared to face the damages associated with a breach.
Attacks are on the rise
On behalf of Radware, Merrill Research surveyed 301 executives and IT professionals from across the globe. Respondents had to work for a company with at least 250 million USD/EUR/GBP/RMB in revenue. The resulting report offers a comprehensive view of the challenges organizations face in protecting web applications and how security breaches have affected them in the past year.
A key takeaway is that most organizations (67%) believe hackers will have no problem penetrating their network. At least 89% of respondents said they experienced attacks against web applications or web servers in the past 12 months, while encrypted web attacks increased from 12% in 2017 to 50% in 2018. Most respondents (59%) reported daily or weekly attacks.
Reputational loss, customer churn, dip in stock price
Researchers recorded a high rate of data collection and sharing creating massive exposure, expanding hackers’ attack surface. Under the latest data protection laws, such as the EU’s GDPR, entities handling personally identifiable information must limit data collection to the absolute necessary, in order to minimize the risk of exposure in case of a breach, or leak.
“Organizations with a global presence keep tabs on the data that they collect and share, with about half of respondents saying they only collect customer data for internal use and do not share it. However, 43% of respondents are specifically sharing data about user behavior, preferences and analytics,” the report says.
The frequency and complexity of data security breaches is also high. 46% of organizations reportedly experienced breaches in the last 12 months. Application layer attacks were found to be the most difficult to both detect and mitigate.
Worse, as a result of a data breach, 52% of respondents said their customers asked for compensation, 46% reported major reputation loss, 35% reported customer churn, 34% reported a drop in stock price, 31% reported customers took legal action, and 23% said executives were let go.
Lots of room for improvement
Other findings include:
- 82% of organizations who use API gateways share and/or consume data
- 70% of respondents do not require authentication from third party APIs
- 62% do not encrypt data sent by APIs
- 33% allow third parties to perform actions
- 40% of organizations update applications at least once per week
- approximately one third of all application types are updated on an hourly or daily basis
- a quarter of applications are updated weekly
According to researchers, such a high frequency of updates introduces new concerns about securing applications in a rapidly changing environment.
Data breaches are notoriously dangerous for the business sector. The reputational and financial damages associated with data exposure are substantial, potentially leading to bankruptcy in some instances.
New studies show that the healthcare sector in particular is experiencing the highest churn rate of any industry as a result of data breaches. And the costs associated with lost or stolen patient records are also sky-high: a whopping $408 per record, according to an IBM study conducted by Ponemon Institute.