Supply chain attacks are top app security concern in APAC

Firms across the Asia-Pacific region are struggling with a multitude of application security challenges, from bad bots, to broken APIs and supply chain attacks, according to a new global study by Barracuda.

Conducted by Vanson Bourne, the research covered 750 responses from IT decision makers in APAC and the United States as well as Europe, Middle East and Africa. There were 250 respondents in APAC.

The report found that on average, APAC organisations were successfully breached twice in the past 12 months as a direct result of an application vulnerability (38%).

Also, 27% of respondents reported at least one breach over the same period, and 14% reporting being breached more than three times.

According to Barracuda, the findings indicate that more needs to be done to protect against application security threats. They reveal that the range of application security-related challenges facing organisations in APAC today may extend way beyond difficulties in securing multiple attack vectors.

APAC respondents identified their top application security challenges as software supply chain attacks (46%), with 44% saying that adding security significantly slows down application development time.

Also, 43% stated that vulnerability detection is a key challenge, followed closely by bot attacks (39%) and securing APIs (37%).

Further, The research also revealed that web application and zero-day vulnerabilities were the main cause of successful security breaches affecting their organisation’s applications in the last 12 months (55%), followed closely by bot attacks and software supply chain attacks in joint second place (40% each).

“Applications have been steadily rising as one of the top attack vectors in recent years, and the rapid shift to remote work in 2020 has only intensified this trend,” said Mark Lukie, Barracuda’s systems engineer manager in APAC.

“Organisations in APAC are struggling to keep up with the pace of these attacks, particularly newer threats like bot attacks, API attacks, and supply chain attacks, and they need help filling these gaps effectively,” said Lukie.