The biggest cybersecurity issues that businesses face, from false positives to outages

According to Fastly’s report, UK businesses spend over £356,406 a year on web applications and API security tools, but nearly half of all security alerts are still false positives.

Fastly, a global edge cloud platform provider has released new research that uncovers a crucial need for a unified, modern and simplified approach to security. Based on insights from information security and IT professionals from 250 UK companies and 500 global companies, the research revealed growing concerns around adequately securing the rapidly rising number of mission-critical cloud services and API-centric applications that enterprise businesses are relying on. Outdated offerings, false positives, and ineffective blocking are among the main causes driving this global concern.

The research highlighted that, on average, UK businesses use 11 web applications and API security tools and spend close to £356,000 on them but that 40% of all security alerts are still false positives. In addition, security is becoming more complex and costly for organisations as they are increasingly required to protect traditional architectures, in addition to new architectures and cloud environments.

1 in 4 (23%) UK businesses have suffered a loss of revenue in the past 12 months as a result (at least in part) of false positives from web applications and API security tools, with an average revenue loss of 12%. Due to these false positives, the downtime frequently causes similar vulnerability to actual attacks, which suggests that current security tools may be causing more problems than they solve. 

The research demonstrated that more than half of organisations believe most, if not all, of their applications will use APIs in the next two years.

Despite an anticipated increase in API implementation, half of the organisations stated that web application and API security are more difficult than two years ago and indicated struggles to maintain adequate security across new application architectures. Driving these difficulties is the shift to public cloud and API-centric applications without a modern security solution to support those innovations.

Perhaps most strikingly of all, 47% of UK businesses run tools in log or monitoring mode and only switch to blocking mode when they are confident detections are accurate due to the occurrence of false positives. The global report also shows that businesses are running their web application and API security tools in blocking mode a mere 9% of the time. As a result, current tools frequently block harmless traffic, impeding business and impacting their bottom line.

“One of the biggest security challenges we are seeing today is that technologies are rapidly evolving to better serve the growing demand for digital experiences, but the security offerings that protect those technologies are not experiencing that same level of transformation — and often erode the benefits of modern technology stacks,” said Kelly Shortridge, Senior Principal Technologist at Fastly.

“Security tools should fuel innovation, actively support service resilience, and minimise disruption to software delivery workflows, rather than slowing build cycles and producing disjointed, unactionable, or irrelevant data.”

“The responsibility for protecting enterprise assets, data, and users from cyber threats no longer falls solely on the security organisation, even as the threat landscape becomes increasingly complex. Application security in particular, is a team sport that requires input and cross-functional collaboration across many parts of an organisation,” said John Grady, Senior Analyst at ESG.

“As a result, security professionals have become frustrated with the complex and siloed nature of traditional application security solutions that fail to address these issues. Modern businesses require uniform tools and approaches that can minimise vulnerabilities between their public cloud infrastructure, microservices-based architecture, and legacy applications while supporting a variety of personas.”

ESG Methodology (global data)

To gather data for this report, ESG conducted a comprehensive online survey of information security and IT professionals who know about their organisation’s application development practices and are involved in security purchase processes (61%). The survey also included developers, engineering, and DevOps leaders who build and deliver applications for their organisation (39%). Respondents were distributed across North America (41%), Europe (30%), and the Asia Pacific and Japan (29%). Respondents were employed at organisations with 10 or more employees. Specifically, 10% were employed at small organisations (i.e., those with 10 to 499 employees), 15% at midmarket organisations (i.e., those with 500 to 999 employees), and 75% at enterprises (i.e., organisations with 1,000 or more employees). Respondents represented numerous industry and government segments, with the largest participation coming from manufacturing (23%), financial services (14%), retail/wholesale (14%), technology (11%), healthcare (8%), and communications (8%). The survey was fielded between March 17, 2021, and March 31, 2021.

Sapio Methodology (UK data)

The survey was conducted among 251 Information technology (IT)/Information security or Application development/Software engineering in 500+ UK companies. The interviews were conducted online by Sapio Research in July 2021 using an email invitation and an online survey. Results of any sample are subject to sampling variation. The magnitude of the variation is measurable and is affected by the number of interviews and the level of the percentages expressing the results. In this particular study, the chances are 95 in 100 that a survey result does not vary, plus or minus, by more than 6.2 percentage points from the result that would be obtained if interviews had been conducted with all persons in the universe represented by the sample. 

READ MORE:

About Fastly

Fastly helps people stay better connected with the things they love. Fastly’s edge cloud platform enables customers to create great digital experiences quickly, securely, and reliably by processing, serving, and securing our customers’ applications as close to their end-users as possible — at the edge of the internet. Fastly’s platform is designed to take advantage of the modern internet, be programmable, and support agile software development with unmatched visibility and minimal latency, empowering developers to innovate with performance and security. Fastly’s customers include many of the world’s most prominent companies, including Pinterest, The New York Times, and GitHub.

About ESG

Enterprise Strategy Group is an IT analyst, research, validation, and strategy firm that provides market intelligence and actionable insight to the global IT community.

For more news from Top Business Tech, don’t forget to subscribe to our daily bulletin!

Follow us on LinkedIn and Twitter

Amber Donovan-Stevens

Amber is a Content Editor at Top Business Tech

How E-commerce Marketers Can Win Black Friday

Sue Azari • 11th November 2024

As new global eCommerce players expand their influence across both European and US markets, traditional brands are navigating a rapidly shifting landscape. These fast-growing Asian platforms have gained traction by offering ultra-low prices, rapid product turnarounds, heavy investment in paid user acquisition, and leveraging viral social media trends to create demand almost in real-time. This...

Why microgrids are big news

Craig Tropea • 31st October 2024

As the world continues its march towards a greener future, businesses, communities, and individuals alike are all increasingly turning towards renewable energy sources to power their operations. What is most interesting, though, is how many of them are taking the pro-active position of researching, selecting, and implementing their preferred solutions without the assistance of traditional...

Is automation the silver bullet for customer retention?

Carter Busse • 22nd October 2024

CX innovation has accelerated rapidly since 2020, as business and consumer expectations evolved dramatically during the Covid-19 pandemic. Now, finding the best way to engage and respond to customers has become a top business priority and a key business challenge. Not only do customers expect the highest standard, but companies are prioritising superb CX to...

Automated Testing Tools and Their Impact on Software Quality

Natalia Yanchii • 09th October 2024

Test automation refers to using specialized software tools and frameworks to automate the execution of test cases, thereby reducing the time and effort required for manual testing. This approach ensures that automation tests run quickly and consistently, allowing development teams to identify and resolve defects more effectively. Test automation provides greater accuracy by eliminating human...

Custom Software Development

Natalia Yanchii • 04th October 2024

There is a wide performance gap between industry-leading companies and other market players. What helps these top businesses outperform their competitors? McKinsey & Company researchers are confident that these are digital technologies and custom software solutions. Nearly 70% of the top performers develop their proprietary products to differentiate themselves from competitors and drive growth. As...

The Impact of Test Automation on Software Quality

Natalia Yanchii • 04th October 2024

Software systems have become highly complex now, with multiple interconnected components, diverse user interfaces, and business logic. To ensure quality, QA engineers thoroughly test these systems through either automated or manual testing. At Testlum, we met many software development teams who were pressured to deliver new features and updates at a faster pace. The manual...