Web application attacks are skyrocketing, it’s time to protect APIs


Web application attacks against UK businesses have increased by 251% since October 2019, putting organizations and consumers at risk, research from Imperva reveals.

In a study of nearly 4.7 million cybersecurity incidents related to web applications, Imperva Research Labs finds that attacks are increasing, on average, by 22% each quarter. More worryingly, the growth rate of these attacks continues to accelerate, with a 67.9% increase from Q2 2021 to Q3.

One of the most notable increases was in Remote Code Execution (RCE) / Remote File Inclusion (RFI) attacks, which jumped 271%. RCE/RFI attacks target corporate websites and servers and are used by hackers to steal information, compromise servers, or even take over websites and modify their content.

Web application attacks on the rise, increasing data breaches

The consequence of this increase in web application attacks is a dramatic increase in data breaches. Earlier this year, Imperva Research Labs discovered that 50% of all data breaches start with web applications. As the number of breaches increases by 30% per year and the number of stolen records increases by 224%, an estimated 40 billion records will be compromised by the end of 2021, with web application vulnerabilities likely to be responsible for about 20 billion.

“The pandemic has placed an immense urgency on businesses to get all sorts of digital transformation projects in place as quickly as possible, and that’s almost certainly a driving factor in this surge in attacks,” says Peter Klimek, CTO at Imperva.

“The changing nature of application development itself is also extremely important. Developments such as the rapid proliferation of APIs and the shift to cloud-native computing are beneficial from a DevOps perspective, but for security teams, these changes in application architecture and increased attack surface accompanying them make their job much, much more difficult.”

The Importance of API Protection

Losses from fraud and cybercrime have spiraled out of control during the pandemic, with the National Fraud Intelligence Bureau estimating that around £1.3bn was lost in the first half of 2021 alone, more than three times the amount lost during the same period in 2020. These figures suggest that the problem will continue to worsen throughout 2022.

“Companies are seeing more traffic through their web applications than ever before, especially APIs,” Klimek continued. “Over 70% of web traffic now goes through APIs, which means business exposure is only growing. It’s no longer enough to have a WAF in place and hope for the best – businesses need to invest in a comprehensive web application and API (WAAP) protection stack that includes things like RASP and Advanced Bot Protection, allowing them to secure everything from the edge to the database.”