Credits Author: Kim Lambert, Imperva
The new 2020 Cyberthreat Defense Report (CDR) was released this week. Now in its seventh year, the annual report provides a look at how global cybersecurity professionals perceive threats and plan to defend against them.
The CDR enables cybersecurity professionals to benchmark their company’s security posture, operating budget, product investments, and best practices against peers in their industry and geographic region. As a survey of 1,200 security leaders and IT decision-makers from the private and public sectors across the globe, it is truly a comprehensive look at the security market.
Key Insight
Among the report’s key insights this year: a trend toward unified security tools and monitoring. Eighty percent of security leaders agreed that managing the entire app security stack (DDoS protection, WAF, RASP, and API security) from one platform would reduce complexity and save time. According to the report:
“We believe that this near-unanimity comes from respondents’ knowledge of the benefits of a single platform for monitoring and management, such as:
– Easier management, since they can use one console instead of many.
– Better analysis and decision making, since data collected from multiple tools can be correlated and analyzed together.”
The 2020 Threat Landscape
Cyberattacks are not only up since last year, they have reached record levels. For the first time in the survey’s history, four out of five organizations (81 percent) experienced at least one successful cyberattack, up from 78 percent in 2019. This is a trend that Imperva Research Labs expects to escalate due to the ongoing COVID-19 crisis. See our blog on the initial security implications of the pandemic that we’re monitoring and how they’re affecting businesses.
Notable Findings
The 2020 CDR yields dozens of insights into the challenges IT security professionals faced last year and the challenges they’ll likely continue to face for the rest of this year. Notable findings include:
- ATO and DDoS are the biggest network-based headaches.
IT security teams continue to worry about account takeover, denial of service (DoS), and web application attacks, as well as SSL-encrypted threats. - Wide adoption of WAF and DAM.
The most widely installed technologies for data and application security are API gateway/protection, database firewall, web application firewall (WAF), and data activity monitoring (DAM). - Reducing cloud security risk is a priority.
The top risks for applications and data in the cloud are loss of data and IP, limitations of the security tools of the cloud platform providers, compliance violations, and a lack of visibility into the cloud. - Network-based cyber threats hound security teams.
Some of the network-based cyber threats cause IT security teams the greatest headaches, especially account takeover attacks, denial of service attacks, SSL-encrypted threats, and web application attacks. - The talent shortages worsen.
Eighty-five percent of organizations are experiencing a shortfall of skilled IT security personnel. This crisis is leading to strong preferences for technologies that can increase the productivity of existing IT security teams, such as advanced security analytics, and security products that feature ML and AI technologies. - API protection is now a “must-have.”
The percentage of organizations with API gateway /protection installed has soared over the past 2 years. - Most common foundations of app & data security.
The most commonly used technologies for protecting applications and data are API gateway/protection, database firewalls, web application firewalls (WAF), and data activity monitoring (DAM).
These are just a few highlights from the report, which is uniquely comprehensive and penetrating in its entirety. This infographic provides an excellent overview of its key takeaways. You can also join our live webinar exploring insights from the report. In it, CyberEdge and Imperva will discuss the challenges revealed in the CDR and solutions that will help you secure your digital transformation with confidence.