Imperva: Web app attacks are increasing by 22% each quarter

Imperva discovers a rise in web app attacks, which means organisations are at a heightened risk of encountering data leakage

Imperva, a cybersecurity leader whose mission is to help organisations protect their data and all paths to it, releases new threat intelligence research showing that web app attacks against UK businesses have increased by 251% since October 2019, putting both organisations and consumers at risk.

The study, which looked at nearly 4.7 million web application-related cyber security incidents, found that attacks are increasing, on average, by 22% each quarter. The growth rate for such attacks continues to increase with a 67.9% surge from Q2 2021 to Q3. 

One of the most notable increases was in Remote Code Execution (RCE) / Remote File Inclusion (RFI) attacks, which jumped by 271%. RCE / RFI attacks target businesses’ websites and servers, and are used by hackers to steal information, compromise servers or even take over websites and modify their content.

Rising web app attacks are leaving organisations vulnerable

One of the major consequences of a surge in web app attacks is the increase in data breaches. Earlier this year, Imperva Research Labs found that 50% of all data breaches begin with web applications.

With the number of breaches increasing by 30% annually, and the number of records stolen going up by a staggering 224%, it’s estimated that 40 billion records will be compromised by the end of 2021, with web application vulnerabilities likely responsible for around 20 billion.

“The pandemic placed immense urgency on businesses to get all kinds of digital transformation projects live as quickly as possible, and that is almost certainly a driving factor behind this surge in attacks,” says Peter Klimek, Director of Technology at Imperva. “The changing nature of application development itself is also hugely significant. Developments like the rapid proliferation of APIs and the shift to cloud-native computing are beneficial from a DevOps standpoint, but for security teams, these changes in application architecture and the accompanying increased attack surface are making their jobs much, much harder.”

The pandemic's impact on cybercrime

Losses relating to fraud and cyber-crime have spiraled out of control during the pandemic, with the National Fraud Intelligence Bureau estimating that around £1.3bn was lost in the first half of 2021 alone, more than three times the amount lost during the same period in 2020. These figures suggest that the problem will continue to worsen throughout 2022. 

“Businesses are seeing more traffic through their web applications than ever before, in particular APIs,” continued Klimek. “More than 70% of web traffic now comes through APIs, meaning businesses’ exposure is only getting higher. It’s no longer enough to have a WAF in place and hope for the best - businesses need to invest in a comprehensive Web Application and API Protection (WAAP) stack featuring elements like RASP and Advanced Bot Protection, allowing them to secure everything from edge to database.”  


