Application Security

The Top Cyberthreats of 2021

Top Cyberthreats of 2021

Insights from 1200 cybersecurity practitioners

We are happy to announce that the 2021 Cyberthreat Defense Report is here. Now in its eighth year, this report shares insights from a survey of 1200 IT security professionals in 17 countries across 19 industries. Sponsored by the world’s top cybersecurity firms, including PerimeterX, the report presents vital statistics and insights into organizations’ posture and preparedness for cybersecurity threats. Readers may use this report to better understand the threat landscape and to help shape their technology investment priorities for the next year.

The past year has been especially challenging from a cybersecurity perspective, with working patterns and personal interactions completely changed to take meeting, learning, shopping and even exercising online at astonishing rates. So while it is not surprising, it is still concerning that successful cyberattacks have made their biggest jump in six years, now up to 86% of all attempts. Nine out of ten organizations have experienced cyberattacks targeting web and mobile applications. Credential stuffing attacks and account takeover are the top concern with over 43% of respondents reporting it as a major concern. A close second on the list is personally identifiable information (PII) harvesting, which includes theft of login credentials and credit card numbers.

Another interesting new insight in this year’s report is the inclusion of third-party risk management, which emerged as the most challenging IT security function yet the one for which organizations are the least prepared. Modern software makes extensive use of third-party components and open source libraries often introduced without adequate security verification. This software supply chain vastly expands the attack surface for an organization and we have seen cybercriminals and nation-states exploit this in a few recent high profile attacks such as the ones on Solarwinds and Microsoft. This problem is exacerbated in the case of modern web applications using third-party JavaScript that runs on the client side, outside the observable range of traditional security tools like WAFs.

The report includes a question on application and data security technologies that yields some interesting insights. Bot management has the lowest adoption of all the technologies listed but is the top priority for acquisition in the next 12 months. As bots increase in sophistication and attack tools become more widely available, more organizations find themselves a target. Fighting bots is an ongoing game of whack-a-mole that consumes scarce cybersecurity resources that would be better spent on higher value activities. As a result, organizations are prioritizing investing in bot management in 2021.

Benefits of DevSecOps

The report also examines the impact and benefits of DevSecOps across organizations. Two of the top benefits highlighted are the increased speed of deploying application updates and of deploying net new applications. Respondents also list fewer application security vulnerabilities and risks as a key benefit of this culture shift towards DevSecOps. It will be interesting to monitor this shift over the next few years and track the positive impacts.

Application and Data Security Technology

As cyberthreats evolve, organizations must continue to adapt their cybersecurity strategies to match on-the-ground realities and take advantage of cultural and technological shifts in the industry. The full Cyberthreat Defense Report offers a wealth of insights for every organization. Read the full report here.

Forrester Report

PerimeterX Named a Leader in the Forrester Wave™: Bot Management, Q2 2022

Download Report
© PerimeterX, Inc. All rights reserved.