Imperva: Web app attacks are increasing by 22% each quarter

Imperva discovers a rise in web app attacks, which means organisations are at a heightened risk of encountering data leakage

Imperva, a cybersecurity leader whose mission is to help organisations protect their data and all paths to it, releases new threat intelligence research showing that web app attacks against UK businesses have increased by 251% since October 2019, putting both organisations and consumers at risk.

The study, which looked at nearly 4.7 million web application-related cyber security incidents, found that attacks are increasing, on average, by 22% each quarter. The growth rate for such attacks continues to increase with a 67.9% surge from Q2 2021 to Q3. 

One of the most notable increases was in Remote Code Execution (RCE) / Remote File Inclusion (RFI) attacks, which jumped by 271%. RCE / RFI attacks target businesses’ websites and servers, and are used by hackers to steal information, compromise servers or even takeover websites and modify their content.  

Rising web app attacks are leaving organisations vulnerable

One of the major consequences of a surge in web app attacks, is the increase in data breaches. Earlier this year, Imperva Research Labs found that 50% of all data breaches begin with web applications. 

With the number of breaches increasing by 30% annually, and the number of records stolen is going up by a staggering 224%, it’s estimated that 40 billion records will be compromised by the end of 2021, with web application vulnerabilities likely responsible for around 20 billion.

“The pandemic placed immense urgency on businesses to get all kinds of digital transformation projects live as quickly as possible, and that is almost certainly a driving factor behind this surge in attacks” says Peter Klimek, Director of Technology at Imperva. “The changing nature of application development itself is also hugely significant. Developments like the rapid proliferation of APIs and the shift to cloud-native computing is beneficial from a DevOps standpoint, but for security teams, these changes in application architecture and the accompanying increased attack surface is making their jobs much, much harder.”

The pandemics impact on cybercrime 

Losses relating to fraud and cyber-crime have spiraled out of control during the pandemic, with the National Fraud Intelligence Bureau estimating that around £1.3bn was lost in the first half of 2021 alone, more than three times the amount lost during the same period in 2020. These figures suggest that the problem will continue to worsen throughout 2022. 

“Businesses are seeing more traffic through their web applications than ever before, in particular APIs,” continued Klimek. “More than 70% of web traffic now comes through APIs, meaning businesses’ exposure is only getting higher. It’s no longer enough to have a WAF in place and hope for the best - businesses need to invest in a comprehensive Web Application and API Protection (WAAP) stack featuring elements like RASP and Advanced Bot Protection, allowing them to secure everything from edge to database.”  



Featured Articles

TECH LIVE LONDON: An overview of the hybrid technology show

We take a look at the first day of Tech Live London with insights from technology leaders from companies such as IBM, Microsoft and Vodafone

TECH LIVE LONDON: Begins tomorrow at 10am!

Our marquee technology event is nearly here. There's still time to claim your free ticket (worth £295). Look forward to welcoming you to the Tobacco Dock!

Executive Q&A: Marc Lueck, CISO EMEA, Zscaler

As we prepare to welcome the Zero Trust leaders to TECH LIVE LONDON this June 23-24, we take the opportunity to chat to Zscaler CISO of EMEA, Marc Lueck

TECH LIVE LONDON: Registering, networking and logistics

Digital Transformation

New speaker from Infosys announced for TECH LIVE LONDON!

Digital Transformation

New speaker from Bernadette announced for TECH LIVE LONDON!

Digital Transformation