CIP Cyber

How Organizations Can Reinforce Confidence in Their Cybersecurity Strategies

OPSWAT survey highlights the discrepancy between rising cybersecurity investment and confidence in security strategies.

OPSWAT, a global leader in critical infrastructure protection (CIP) cybersecurity solutions, recently released its 2023 State of Web Application Security report. The report reveals that although organizations invest heavily in infrastructure upgrades and security budgets, only 2% of industry experts feel confident about their security strategies. 

According to the 2023 report, the transition towards public cloud hosting and containerization, already embraced or planned by an impressive 97% of organizations, has become the predominant trend. However, this shift has also led to an alarming increase in concerns around file-based malware. This concern is further exacerbated by the finding that many organizations use five or fewer antivirus (AV) engines for detecting malicious file uploads, potentially leaving them vulnerable to sophisticated cyber threats.

The report also highlights an interesting trend related to the use of Content Disarm and Reconstruction (CDR), a proactive measure against evolving cyber threats. While larger organizations handling a higher volume of files have been quick to adopt CDR, smaller organizations seem to lag behind, indicating a significant market disparity. 

“As organizations continue to shift their operations to the cloud, the need for effective security measures has become even more critical,” states the report by OPSWAT. By providing a comprehensive overview of new and existing cybersecurity trends and patterns, the report underlines the expanding digital threat landscape that affects both Information Technology (IT) and Operational Technology (OT) systems. 

Key findings from the 2023 report include: 

  • Leveraging Multiple AV Engines: OPSWAT’s report urges organizations to “Enhance your file upload security with multiple anti-malware engines,” and notes that “by increasing the number of engines to 20, the detection rate improved to 96%.” This points towards the need for deploying more engines to bolster defenses against constantly evolving threats.
  • Large Organizations Embrace CDR: Larger organizations handling a high volume of files are more likely to utilize CDR to combat cyber threats. According to the report, 43% of companies with over 10,000 employees and 27% of those with 5,000 – 10,000 employees have adopted CDR, enhancing their security without disrupting operations. However, smaller organizations with under 5,000 employees have yet to fully leverage this proactive measure, with an adoption rate of just 25%. 
  • Gap Between Infrastructure Upgrades and Security Confidence: The report notes that although the majority of companies in all regions plan to increase their security budgets for 2023 (62% of companies in the Americas, 68% in EMEA, and 53% in APAC plan moderate increases), confidence in their security strategies remains surprisingly low.

Underutilization of Antivirus Engines 

The use of multiple AV engines to secure against malicious file uploads and malware can provide additional layers of protection and increase the detection rate. Each AV engine has its own set of rules and algorithms for detecting threats, and combining them can reduce the risk of false negatives. 

According to the report, increased budgets have not necessarily led to using more antivirus engines. Approximately 52% of organizations use between 2 and 5 AV engines to detect malicious file uploads. Relying on too few AV solutions may leave companies vulnerable to new and emerging threats that evade detection. It is crucial for organizations to strike a balance between security and practicality when it comes to their AV strategies.

The report also provides actionable insights, showing that utilizing 8 anti-malware engines identified nearly 90% of the most prevalent 10,000 threats. Expanding the number of engines to 20 led to a detection rate that soared to 96%. Moreover, employing more than 30 engines saw detection accuracy rocket to over 99%. This underscores the significant benefits of implementing multiple engines in fortifying your defenses against the relentless tide of emerging threats. 

However, it’s worth noting that only 3% of organizations use more than 30 engines. This suggests that while the benefits of using more engines are clear, many organizations may not be taking full advantage of this strategy. 

Regulation Compliance: A Significant Driving Force 

In the maze of cybersecurity measures, organizations often find themselves driven by the need to comply with regulations and best practices. The General Data Protection Regulation (GDPR) leads the pack, driving security measures in 56% of companies. Other significant regulations influencing companies include ISO 27001, Center for Information Security (CIS), Payment Card Industry Data Security Standard (PCI DSS), and Health Insurance Portability and Accountability Act (HIPAA). These compliance requirements serve as catalysts, pushing organizations to bolster their cybersecurity measures. 

Additional findings from the 2023 State of Web Application Security Report include: 

  • Widespread Concerns Over Malware: In the Americas and APAC, over 40% of companies report a high level of apprehension, with EMEA trailing slightly at 22%. A sizeable percentage of companies across these regions also indicate substantial concern.  
  • The Importance of Continuous Monitoring: A significant 33% of survey respondents appreciate the importance of conducting periodic analyses of all file repositories in their web applications for malware. This finding underlines the significance of relentless vigilance in ensuring the security of uploaded files and protecting against potential malware attacks.  
  • Detecting Application Vulnerabilities: A third of respondents find it valuable to detect application vulnerabilities in operational virtual machines or containers. This proactive measure helps safeguard the web application environment from potential breach points that malicious actors could exploit.  
  • Preventing Data Exfiltration: An equal percentage of respondents (33%) highlight the importance of preventing data exfiltration by either redacting or blocking sensitive information. By introducing such protective measures, organizations can manage data access more effectively, reduce the risk of data breaches, and avoid potentially devastating financial and reputational fallout. 

“OPSWAT’s findings reinforce how imperative it is to establish a proactive defense strategy that goes beyond traditional measures,” said Yiyi Miao, Chief Product Officer at OPSWAT. “A comprehensive, layered defense approach not only incorporates zero-trust technology and solutions; it also entails empowering the human element through robust education and training—an area where CIP Cyber truly excels.” 

Resources 

  • You can download a copy of the 2023 State of Web Application Security Report here. 
  • Interested in learning the latest techniques to secure your organization against cyberattacks? Explore CIP Cyber Training & Certifications. 

 

Davis Truyen

Davis Truyen is a cybersecurity evangelist and writer at CIP Cyber, an initiative dedicated to protecting critical infrastructure from cyber threats. With a bachelor’s degree in computer science and a passion for industrial control systems and operational technology security, he regularly shares his knowledge and insights on industrial cybersecurity topics.
