New Research Reveals Critical Gaps in Web App and API Security as Attack Complexity Grows
Fastly (NYSE: FSLY) and Enterprise Strategy Group released a study highlighting significant cybersecurity challenges in web application and API security. The research, based on 383 cybersecurity and IT professionals in North America, reveals organizations expect a 39% increase in web applications within two years, from 145 to 201 per organization.
Key findings show that 57% of organizations experienced web/API attacks exploiting lesser-known vulnerabilities in the past 24 months. Despite 92% implementing web application firewalls (WAFs), 67% use multiple vendors, creating complexity. API usage is projected to grow significantly, with organizations expecting API implementation to increase from 32% to 80% in two years.
The study also revealed that 45% of DDoS attacks were diversionary tactics in larger coordinated assaults, with 70% of these diversions succeeding. Additionally, 59% of IT professionals believe cyber attackers have an advantage in leveraging AI for attacks.
Fastly (NYSE: FSLY) e l'Enterprise Strategy Group hanno pubblicato uno studio che evidenzia sfide significative nella sicurezza informatica delle applicazioni web e delle API. La ricerca, basata su 383 professionisti della sicurezza informatica e IT in Nord America, rivela che le organizzazioni si aspettano un aumento del 39% delle applicazioni web entro due anni, passando da 145 a 201 per organizzazione.
I risultati principali mostrano che il 57% delle organizzazioni ha subito attacchi web/API che sfruttavano vulnerabilità meno conosciute negli ultimi 24 mesi. Nonostante il 92% delle organizzazioni abbia implementato firewall per applicazioni web (WAF), il 67% utilizza più fornitori, creando complessità. Si prevede che l'uso delle API crescerà significativamente, con le organizzazioni che si aspettano che l'implementazione delle API aumenti dal 32% all'80% nei prossimi due anni.
Lo studio ha anche rivelato che il 45% degli attacchi DDoS erano tattiche di diversione in attacchi coordinati più ampi, con il 70% di queste diversioni che hanno avuto successo. Inoltre, il 59% dei professionisti IT ritiene che gli attaccanti informatici abbiano un vantaggio nell'utilizzo dell'IA per eseguire attacchi.
Fastly (NYSE: FSLY) y el Enterprise Strategy Group publicaron un estudio que destaca desafíos significativos en la ciberseguridad de aplicaciones web y APIs. La investigación, realizada con 383 profesionales de ciberseguridad y TI en América del Norte, revela que las organizaciones esperan un aumento del 39% en aplicaciones web dentro de dos años, de 145 a 201 por organización.
Los hallazgos clave muestran que el 57% de las organizaciones han experimentado ataques web/API que explotan vulnerabilidades menos conocidas en los últimos 24 meses. A pesar de que el 92% ha implementado cortafuegos para aplicaciones web (WAF), el 67% utiliza múltiples proveedores, lo que genera complejidad. Se proyecta que el uso de APIs crecerá de manera significativa, con organizaciones que esperan que la implementación de APIs aumente del 32% al 80% en dos años.
El estudio también reveló que el 45% de los ataques DDoS eran tácticas de distracción en asaltos coordinados más grandes, con un 70% de estas distracciones que tuvieron éxito. Además, el 59% de los profesionales de TI creen que los atacantes cibernéticos tienen una ventaja al aprovechar la IA para realizar ataques.
패스트리 (NYSE: FSLY)와 엔터프라이즈 전략 그룹은 웹 애플리케이션 및 API 보안의 중요한 사이버 보안 문제를 강조한 연구 결과를 발표했습니다. 북미의 383명의 사이버 보안 및 IT 전문가를 대상으로 한 이 연구는 조직들이 웹 애플리케이션의 39% 증가를 예상하고 있으며, 이는 조직당 145개에서 201개로 증가할 것이라고 밝혔습니다.
주요 발견에 따르면 57%의 조직이 지난 24개월 동안 잘 알려지지 않은 취약점을 악용한 웹/API 공격을 경험했습니다. 92%가 웹 애플리케이션 방화벽(WAF)을 구현했지만, 67%는 다수의 공급업체를 사용하여 복잡성을 초래하고 있습니다. API 사용은 크게 증가할 것으로 예상되며, 조직들은 API 구현이 32%에서 80%로 증가할 것으로 보고 있습니다.
이 연구는 또한 45%의 DDoS 공격이 대규모 조정 공격에서의 전환 전술이었다고 밝혔으며, 이 전환 중 70%가 성공했습니다. 추가로, 59%의 IT 전문가들은 사이버 공격자가 공격을 위해 AI를 활용하는 데 유리하다고 생각합니다.
Fastly (NYSE: FSLY) et l'Enterprise Strategy Group ont publié une étude mettant en évidence des défis importants en matière de cybersécurité des applications web et des API. La recherche, basée sur 383 professionnels de la cybersécurité et des TI en Amérique du Nord, révèle que les organisations s'attendent à une augmentation de 39% des applications web dans les deux prochaines années, passant de 145 à 201 par organisation.
Les résultats clés montrent que 57% des organisations ont subi des attaques web/API exploitant des vulnérabilités moins connues au cours des 24 derniers mois. Bien que 92% aient mis en œuvre des pare-feu pour applications web (WAF), 67% utilisent plusieurs fournisseurs, ce qui crée de la complexité. L'utilisation des API devrait croître de manière significative, les organisations s'attendant à ce que l'implémentation des API passe de 32% à 80% en deux ans.
L'étude a également révélé que 45% des attaques DDoS étaient des tactiques de diversion dans des attaques coordonnées plus larges, avec un taux de succès de 70% pour ces diversions. De plus, 59% des professionnels des TI estiment que les attaquants cybernétiques ont un avantage en tirant parti de l'IA pour mener des attaques.
Fastly (NYSE: FSLY) und die Enterprise Strategy Group haben eine Studie veröffentlicht, die erhebliche Herausforderungen in der Cybersicherheit von Webanwendungen und APIs hervorhebt. Die Forschung, basierend auf 383 Cybersecurity- und IT-Professionals in Nordamerika, zeigt, dass Organisationen einen 39%igen Anstieg der Webanwendungen innerhalb von zwei Jahren erwarten, von 145 auf 201 pro Organisation.
Wichtige Ergebnisse zeigen, dass 57% der Organisationen in den letzten 24 Monaten Web/API-Angriffe erlebt haben, die weniger bekannte Schwachstellen ausnutzten. Trotz der Tatsache, dass 92% Webanwendungsfirewalls (WAFs) implementiert haben, nutzen 67% mehrere Anbieter, was die Komplexität erhöht. Die Nutzung von APIs wird voraussichtlich erheblich wachsen, wobei Organisationen erwarten, dass die Implementierung von APIs von 32% auf 80% in zwei Jahren steigen wird.
Die Studie ergab auch, dass 45% der DDoS-Angriffe Ablenkungstaktiken in größeren koordinierten Angriffen waren, wobei 70% dieser Ablenkungen erfolgreich waren. Darüber hinaus glauben 59% der IT-Professionals, dass Cyberangreifer einen Vorteil haben, wenn sie KI für Angriffe nutzen.
- 92% of organizations have implemented at least one web application firewall (WAF)
- Organizations are experiencing significant growth in web applications and API usage, indicating strong market demand
- 57% of organizations experienced web application/API attacks in the past 24 months
- 70% of diversionary DDoS attacks succeeded in causing operational disruptions and data loss
- 67% of organizations rely on multiple WAFs from different vendors, increasing complexity and security risks
- 59% of IT professionals believe cyber attackers have the advantage in AI-powered attacks
Insights
This comprehensive security study reveals several critical insights that significantly impact Fastly's market position and growth potential. The projected 39% growth in web applications and dramatic increase in API adoption (from 32% to 80%) represent a substantial expansion of Fastly's addressable market. This growth trajectory is particularly significant given that 57% of organizations have already experienced web application/API attacks, creating urgent demand for robust security solutions.
The research uncovers a compelling market inefficiency: while 92% of organizations have implemented WAFs, 67% are using multiple vendors, indicating significant market fragmentation and inefficiency. This presents a strategic opportunity for Fastly to capture market share through consolidated security offerings, especially given the documented success rate of coordinated attacks (70% of diversionary DDoS attacks succeeding).
Three key factors make this particularly relevant for investors:
- The multi-vendor security approach is becoming unsustainable as complexity increases, creating demand for unified solutions
- Growing API adoption is forcing organizations to rethink their security architecture, opening opportunities for market share gains
- The high success rate of sophisticated attacks indicates potential for premium pricing for effective solutions
However, investors should note that 59% of IT professionals believe attackers have an advantage in AI implementation, suggesting significant R&D investment may be needed to maintain competitive edge. This could pressure margins in the short term but potentially lead to stronger market positioning if executed effectively.
Despite widespread security adoption, organizations struggle to keep pace with rapid API expansion, multi-cloud challenges, and increasingly sophisticated cyberattacks, highlighting the pressing need for consolidated and automated defense solutions.
With organizations increasingly dependent on applications and APIs to generate revenue, the digital landscape is expanding at an unprecedented rate. On average, the surveyed experts project a
As application security becomes critical, the risks have also increased. According to the study,
Despite
"The rapid growth of APIs has fundamentally changed application environments and introduced significant security and governance challenges, from misconfigurations to API injection and volumetric DDoS attacks. Yet as organizations have layered multiple WAFs and bot management tools to address these risks, complexity has grown," said John Grady, principal analyst at TechTarget’s Enterprise Strategy Group. "We’ve reached a tipping point where adding different security tools provides diminishing returns. Cybersecurity and IT teams should be looking at ways to simplify operations and improve security by consolidating solutions that offer both automation and specialized protection from a wide range of threats."
The research also highlights a troubling trend:
"Speed is critical in application security, and automated attacks demand equally fast automated defenses to ensure privacy and security regulations are met and user information is protected," said Fernando Medrano, Deputy Chief Information Security Officer at Fastly. "As web applications and APIs continue to grow in prominence, organizations need to consider integrating security into the product development process early on rather than treat it as an afterthought."
To access the full report and explore how businesses are consolidating tools and shifting spending in response to high-profile cybersecurity incidents, click here. For additional insights from Fastly about the report findings and strategies for strengthening security, visit our blog.
About the Research
ESG surveyed 383 cybersecurity and IT professionals involved in securing their organizations' web applications in both midmarket and enterprise organizations across
About Fastly, Inc.
Fastly’s powerful and programmable edge cloud platform helps the world’s top brands deliver online experiences that are fast, safe, and engaging through edge compute, delivery, security, and observability offerings that improve site performance, enhance security, and empower innovation at global scale. Compared to other providers, Fastly’s powerful, high-performance, and modern platform architecture empowers developers to deliver secure websites and apps with rapid time-to-market and demonstrated, industry-leading cost savings. Organizations around the world trust Fastly to help them upgrade the internet experience, including Reddit, Neiman Marcus, Universal Music Group, and SeatGeek. Learn more about Fastly at https://www.fastly.com, and follow us @fastly.
Source: Fastly, Inc.
View source version on businesswire.com: https://www.businesswire.com/news/home/20250204491642/en/
Media Contact
Spring Harris
press@fastly.com
Investor Contact
Vernon Essi, Jr.
ir@fastly.com
Source: Fastly, Inc.
FAQ
What percentage of organizations experienced web application attacks according to Fastly's (FSLY) study?
How much growth in web applications do organizations expect according to Fastly's (FSLY) research?
What percentage of DDoS attacks were used as diversions according to Fastly's (FSLY) study?
How is API usage expected to change according to Fastly's (FSLY) research?
