App applications: Securing increasingly difficult

Survey participants agree that app applications are increasingly exposed to threats. In this context, companies are reporting more and more thefts of access data and DDoS attacks. In Germany, 76 percent are concerned about the theft of access data. This is the second highest value after Canada (81%). DDoS attacks (64%) and Internet fraud (49%) even rank second and third among German-speaking companies.

The pressure has never been greater to deliver applications with high speed, flexible functionality and reliable security. Add to this the increasingly stringent European legislation for information security.

Business critical apps and the biggest threats

As part of the Application Protection Report 20181 , 3,135 IT and security experts from Germany, the UK, the USA, Canada, Brazil, China and India were surveyed. According to the report, 38 percent of the participants "cannot reliably" say that they have an overview of all the apps they use. In Germany, at least 45 percent claim this - the highest proportion in a global comparison.

According to the study, companies use an average of 9.77 web app frameworks and environments. Germany is slightly above this with 10.37, but clearly behind the leader, the USA, with 12.09. On average, companies worldwide rate 33.85 percent of all apps as "business-critical", in Germany exactly 33 percent. The top three apps in all regions are: Document management and collaboration, communication such as email and messaging, and Microsoft Office.

High costs for companies
90 percent of respondents in Germany and the US say it would be "very annoying" if access to data or apps is no longer possible after an attack - the highest figure worldwide. The average cost of successful DDoS attacks on apps is $6.86 million worldwide. The consequences are greatest in the USA with losses of $10.64 million, followed by Germany with $9.17 million.

The picture is similar for the loss of personal data. On average, this results in costs of 6.29 million dollars per incident worldwide. Here, too, the USA ($9.37 million) and Germany ($8.48 million) take first and second place.

However, the consequences are worst when confidential or sensitive information such as intellectual property or trade secrets are stolen. In the USA, the highest costs are incurred, at $16.91 million, with Germany in second place at $11.30 million. Globally, the average cost per incident is estimated at $8.63 million.

The most important protective measures
But how can companies best protect themselves from these dangers? According to the study, primarily through three tools: Web Application Firewalls (WAFs), app scanning, and penetration testing. In Germany, 29 percent named WAFs, 20 percent penetration testing and 16 percent application scanning as the most important means of app protection. Globally, the figures were 26, 19 and 20 percent, respectively. According to F5's "State of Application Delivery Report 2018," released earlier this year, 61 percent of enterprises worldwide are already using WAFs to protect apps - a trend that is being amplified primarily by the increasing use of multiple clouds.

The current study continues to show that in Germany, backup technologies (73%) and DDoS defense technologies (64%) are used above all to ensure high availability of web apps. For the latter, Germany shares the top spot with Brazil, and for backup it is only just behind Canada (76%) and the UK (74%).

When it comes to web applications that use Secure Sockets Layer (SSL) and Transport Layer Security (TLS) technology, the UK, India and Canada (66% each) are just ahead of Germany and the USA (65% each). On the other hand, German companies are in the lead when it comes to storage encryption with 50 percent, ahead of Canada (44%) and the USA (40%).

More information and study results from the F5 security experts can be found at here.