Web applications are the leading cause of security incidents for financial services, according to the 2016 Verizon Data Breach Investigations Report; this is up from 31 percent in last year’s report.
Verizon describes web app attacks as any incident in which a web application was the vector of attack. This includes exploits of code-level vulnerabilities in the application as well as thwarting authentication mechanisms. Key findings of the 2016 DBIR highlighted the information and retail sectors, alongside financial services, as the top industries under attack. The report also revealed that “the breaches within this pattern are heavily influenced by information gathered by contributors involved in the Dridex botnet takedown. Hundreds of breaches involving social attacks on customers, followed by the Dridex malware and subsequent use of credentials captured by keyloggers, dominate the actions. Defacements are still commonplace and CMS plugins are also a fruitful attack point.”
“This is why web application security matters,” says Anton Jacobsz, MD at Networks Unlimited, a South African value-added distributor of converged technology, data centre, networking, and security technology solutions, operating throughout Africa. “Victim demographics range far and wide, and when it comes to having your data compromised, no country, industry or business is bulletproof.”