The research focused on highly targeted industries as retail, healthcare and financial services and revealed that companies often leave sensitive data under-protected. In fact, 52% do not inspect the traffic that they transfer to-and-from APIs, and 56% do not have the ability to track data once it leaves the company.
Any organization that collects information on European citizens will soon be required to meet the strict data privacy laws imposed by General Data Protection Regulations (GDPR). These regulations take effect in May 2018. However, with less than a year until the due date, 68% are not confident they can keep corporate information safe.
Other findings include:
Bots are taking over. Bots are the backbone of ecommerce today. Retailers use bots for price aggregation sites, electronic couponing, chatbots, and more. In fact, 41% of retailers reported that more than 75% of their traffic comes from bots, yet 40% still cannot distinguish between “good” and “bad” bots. Malicious bots are a real risk. Web scraping attacks can steal intellectual property, undercutting prices, holding mass inventory in limbo, and buying out inventory to resell goods through unauthorized channels at markup.
API security is often overlooked. Some 60% of organizations both share and consume data via APIs, including personally identifiable information, usernames/passwords, payment details, medical records, etc. Yet 52% don’t inspect the data that is being transferred back and forth via their APIs, and 51% don’t perform any security audits or analyse API vulnerabilities prior to integration.
Holidays are high risk for retailers. During the holidays, retailers face two threats: outages and data breaches. Web outages during the holiday season, when retailers make most of their profits, could have disastrous financial consequences. Yet more than half (53%) are not confident in their ability to provide 100% uptime of their application services. High-demand periods like Black Friday and Cyber Monday also spell trouble for customer data: 30% of retailers suggest they lack the ability to secure sensitive data during these periods.
Multiple touchpoints equal higher risk. The rise of new financial technology (like mobile payments) has increased the access and volume of engagement with consumers, which, in turn, increases the number of access points with vulnerabilities and expands the risk security executives face. While 72% of financial services organizations share usernames and passwords and 58% share payment details via APIs, 51% do not encrypt that traffic, potentially exposing valuable customer data in transit.
The Radware Research: Web Application Security in a Digitally was conducted by Ponemon Research on behalf of Radware and included responses from more than 600 chief information security officers and other security leaders across retail, healthcare, and financial services in six continents.
Every day we send out a free e-mail with the most important headlines of the last 24 hours.
Subscribe now