How to secure next-gen apps against ever-evolving threats

With the hybrid workplace becoming the default in Asia-Pacific, organisations of all sizes have adopted business applications to support the shift. Tools from videoconferencing platforms to cloud storage solutions, which peaked in adoption at the height of the pandemic, are now ingrained in most organisations’ operations.

Today, a new generation of business applications are on the rise, supporting organisations in achieving a wide range of objectives, from streamlining operations to making smarter decisions through analytics-backed insights, and even tracking sustainability goals.

Securing applications in an evolving threat landscape is key

According to Productiv, the average company today uses 254 software-as-a-service applications, with the average rising to 364 applications for enterprises. However, the reality is that businesses are not the only ones transforming. Cyberthreats are also evolving and at an exceptionally rapid pace.

From October 2020 to October 2021 alone, Akamai observed over 6 billion web attacks globally. Upon analysis of the top 1,000 attacks so far in 2022, Akamai also found a steady increase of web application and API attacks, with peaks of more than 10 million daily attacks, and occurrences of one-time big booms, where attack activity volumes surpass 30 times a customers’ norm.

It is imperative that new applications are protected from cybercriminals who seek to harvest data and credentials from potential vulnerabilities. This starts with developing a robust security posture with high-precision threat detection to prevent attacks, ranging from phishing attempts to ransomware, which are becoming more prevalent.

Not just a tech, but people priority

While cybersecurity solutions have continued to advance with the times, enabled by breakthroughs in cloud technology and artificial intelligence, it is not enough for organisations to stay secure. A powerful solution is not a silver bullet, as cybersecurity is as much a human problem as it is a technical one.

Here are some steps businesses can take to strengthen their security posture:

  1. Keep track and know your application programming interface (API)
    Discover your APIs and track them as you would inventory to avoid incidents involving APIs that your organisation did not know existed. This includes identifying and securing external APIs that the organisation uses, and ensuring that their risks are assessed. Once this is done, it is important that APIs are tested and that their vulnerabilities are understood. This requires testing tools and adequate developer education, as well as partnership with existing security teams. 
  1. Be committed to fixing vulnerabilities
    It is important that organisations are committed to fixing vulnerabilities sooner than later. A good starting point would be to look for hard-coded keys, logic calls, and whether API traffic could be compromised by an impersonation attack. Organisations should also scan storage and repositories for keys that could be used to compromise the API or anything associated with it. API security needs to be a continuous endeavour, and more than a one-off during development. New vulnerabilities and attacks are discovered all the time, and single-instance checks will leave the attack surface exposed.
  1. Adopt a zero-trust approach
    This means that no person or device inside or outside of an organisation’s network is granted access to connect to IT systems or services until authenticated and continuously verified. As we continue to work from anywhere and use an increasing number of endpoints to access sensitive information, the attack surface that bad actors can take advantage of continues to increase. Zero-trust initiatives counter this. Through fast and effective microsegmentation that simplifies the process of policy enforcement, organisations can prevent attackers and infected devices from gaining access to critical infrastructure.
  1. Prioritise cybersecurity education and awareness of best practices
    Enterprises need to ensure that all employees have an adequate understanding of how to implement cybersecurity practices. Employees need to see themselves as important stakeholders in keeping their organisations secure, and understand the consequences the wider organisation could face if an attack is successful. This is especially crucial as companies continue to mobilise and hire talent across different markets. It will be crucial to ensure that no matter their location, employees are in touch with and using  cybersecurity best practices at work.

As businesses continue to lean on technology to innovate and transform, they need to acknowledge an increased attack surface and exposure to bad actors. This requires a conscientious effort to keep their infrastructure secure, by not only adopting good security hygiene, but also ensuring that cybersecurity is ingrained as a priority within the organisation – one that every employee, regardless of department, contributes towards. By ensuring that the organisation is secure by design even as it continues to expand and evolve, companies can continue to provide customers with world-class experiences, while keeping data and infrastructure secure.