{"id":14521,"date":"2021-08-08T11:50:11","date_gmt":"2021-08-08T11:50:11","guid":{"rendered":"https:\/\/cryptounplugged.ai\/blog\/?p=14521"},"modified":"2021-08-08T11:50:16","modified_gmt":"2021-08-08T11:50:16","slug":"56-of-the-biggest-cybersecurity-incidents-over-the-past-five-years-were-related-to-web-applications","status":"publish","type":"post","link":"https:\/\/cryptounplugged.ai\/blog\/56-of-the-biggest-cybersecurity-incidents-over-the-past-five-years-were-related-to-web-applications\/","title":{"rendered":"56% Of The Biggest Cybersecurity Incidents Over The Past Five Years Were Related To Web Applications"},"content":{"rendered":"\n<p>Web application exploits are the biggest cybersecurity risk facing organizations today, according to new research by The Cyentia Institute.<\/p>\n\n\n\n<p>The conclusion forms part of a new\u2014and first of its kind\u2014F5 Labs-sponsored report entitled\u00a0<em>The State of the State of Application Exploits in Security Incidents.<\/em><\/p>\n\n\n\n<p>Drawing heavily on the Cyentia Research Library<sup>1<\/sup>\u00a0as well as input from a range of other datasets, the report is the industry\u2019s most comprehensive multi-source analysis yet of both\u00a0the frequency and role of application exploits.\u00a0A key driver behind the report\u2019s publication is to progress how the cybersecurity industry as a whole uses disparate pieces of research\u00a0to piece together the bigger picture.<\/p>\n\n\n\n<p>In the report, The Cyentia Institute found that 56% of the biggest cybersecurity incidents from the past five years tie back to some form of web application issue. Responding to these incidents cost more than $7,6bn, which represents 42% of all financial losses recorded for \u201cextreme cyber loss events\u201d. Web application attacks were also the leading incident pattern among data breaches for six of the last eight years.<\/p>\n\n\n\n<p>In addition, The Cyentia Institute discovered that the average time-to-discovery for incidents involving web application exploits was 254 days \u2013 significantly higher than the 71-day average for other extreme loss events that were studied.<\/p>\n\n\n\n<p>However, one of report\u2019s most eye-catching discoveries was that 57% of all known losses for the largest web application incidents over the last five years were attributed to state-affiliated threat actors. This alone caused $4,3bn in damages.<\/p>\n\n\n\n<p>The data and reports analyzed by The Cyentia Institute also revealed a consensus on key recommendations for security measures, which The Cyentia Institute summarizes as \u201cFix your code, patch your systems, double up your creds and watch your back(door).\u201d<\/p>\n\n\n\n<p>\u201cAll CISOs probably view vulnerability management, access control, and situational awareness as critical aspects of security operations, but in practice these strategies reveal themselves as moving targets,\u201d\u00a0said Raymond Pompon, Director of F5 Labs.<\/p>\n\n\n\n<p>\u201cWe were surprised to see that underneath the surface, \u2018the state of the state\u2019 of is not one of discontinuity and fragmentation, but one of consensus about the difficulty of execution. It appears that many security teams know what they need to do, in theory. Putting that theory into practice over time is the real problem here. This is, in reality, quite an eye-opening conclusion. Security teams don\u2019t, in fact, need help figuring out what to do, but rather how to do it.\u201d<\/p>\n\n\n\n<p>Download the report\u00a0<a href=\"https:\/\/www.f5.com\/content\/dam\/f5-labs-v2\/article\/articles\/reports\/20210720_soso\/The-State-of-the-State-of-Application-Exploits-in-Security-Incident-F5Labs.pdf\" target=\"_blank\" rel=\"noreferrer noopener\">here<\/a>\u00a0for the full analysis.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Web application exploits are the biggest cybersecurity risk facing organizations today, according to new research by The Cyentia Institute. The conclusion forms part of a new\u2014and first of its kind\u2014F5 Labs-sponsored report entitled\u00a0The State of the State of Application Exploits in Security Incidents. Drawing heavily on the Cyentia Research Library1\u00a0as well as input from a [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":14523,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_seopress_robots_primary_cat":"none","_seopress_titles_title":"","_seopress_titles_desc":"","_seopress_robots_index":"","footnotes":""},"categories":[1],"tags":[],"class_list":["post-14521","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-uncategorized"],"rttpg_featured_image_url":{"full":["https:\/\/cryptounplugged.ai\/blog\/wp-content\/uploads\/2021\/08\/Ray-Pompon_F5.jpg",1161,1270,false],"landscape":["https:\/\/cryptounplugged.ai\/blog\/wp-content\/uploads\/2021\/08\/Ray-Pompon_F5.jpg",1161,1270,false],"portraits":["https:\/\/cryptounplugged.ai\/blog\/wp-content\/uploads\/2021\/08\/Ray-Pompon_F5.jpg",1161,1270,false],"thumbnail":["https:\/\/cryptounplugged.ai\/blog\/wp-content\/uploads\/2021\/08\/Ray-Pompon_F5-150x150.jpg",150,150,true],"medium":["https:\/\/cryptounplugged.ai\/blog\/wp-content\/uploads\/2021\/08\/Ray-Pompon_F5-274x300.jpg",274,300,true],"large":["https:\/\/cryptounplugged.ai\/blog\/wp-content\/uploads\/2021\/08\/Ray-Pompon_F5-936x1024.jpg",936,1024,true],"1536x1536":["https:\/\/cryptounplugged.ai\/blog\/wp-content\/uploads\/2021\/08\/Ray-Pompon_F5.jpg",1161,1270,false],"2048x2048":["https:\/\/cryptounplugged.ai\/blog\/wp-content\/uploads\/2021\/08\/Ray-Pompon_F5.jpg",1161,1270,false],"post-thumbnail":["https:\/\/cryptounplugged.ai\/blog\/wp-content\/uploads\/2021\/08\/Ray-Pompon_F5.jpg",384,420,false],"graptor-sq-xs":["https:\/\/cryptounplugged.ai\/blog\/wp-content\/uploads\/2021\/08\/Ray-Pompon_F5.jpg",91,100,false]},"rttpg_author":{"display_name":"admin","author_link":"https:\/\/cryptounplugged.ai\/blog\/author\/admin\/"},"rttpg_comment":0,"rttpg_category":"<a href=\"https:\/\/cryptounplugged.ai\/blog\/category\/uncategorized\/\" rel=\"category tag\">Uncategorized<\/a>","rttpg_excerpt":"Web application exploits are the biggest cybersecurity risk facing organizations today, according to new research by The Cyentia Institute. The conclusion forms part of a new\u2014and first of its kind\u2014F5 Labs-sponsored report entitled\u00a0The State of the State of Application Exploits in Security Incidents. Drawing heavily on the Cyentia Research Library1\u00a0as well as input from a&hellip;","_links":{"self":[{"href":"https:\/\/cryptounplugged.ai\/blog\/wp-json\/wp\/v2\/posts\/14521","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/cryptounplugged.ai\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cryptounplugged.ai\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/cryptounplugged.ai\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/cryptounplugged.ai\/blog\/wp-json\/wp\/v2\/comments?post=14521"}],"version-history":[{"count":1,"href":"https:\/\/cryptounplugged.ai\/blog\/wp-json\/wp\/v2\/posts\/14521\/revisions"}],"predecessor-version":[{"id":14524,"href":"https:\/\/cryptounplugged.ai\/blog\/wp-json\/wp\/v2\/posts\/14521\/revisions\/14524"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/cryptounplugged.ai\/blog\/wp-json\/wp\/v2\/media\/14523"}],"wp:attachment":[{"href":"https:\/\/cryptounplugged.ai\/blog\/wp-json\/wp\/v2\/media?parent=14521"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cryptounplugged.ai\/blog\/wp-json\/wp\/v2\/categories?post=14521"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cryptounplugged.ai\/blog\/wp-json\/wp\/v2\/tags?post=14521"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}