Have you thought about the security of your Web applications lately? If not, you should. The recently released third edition of the Imperva Web Application Attack Report (WAAR) revealed that, across 50 different Web applications, the median number of attack incidents was 274 a year, with one target experiencing more than 2,700 attack incidents. The report also found that the average attack incident for the observed Web applications lasted seven minutes and 42 seconds, but the longest attack incident lasted an hour and 19 minutes. The favorite means of attack? Probably not too surprising: SQL injection.
Talking about the report in a release, Amichai Shulman, CTO of Imperva, said:
"These findings indicate a significant difference between an average Web application attack incident and the upper limit. We believe that organizations that are only prepared for an average attack incident may be overwhelmed by larger attack incidents, like a flood bursting through a levee."
The report also found that Web applications are being attacked, on average, 120 days a year. So you can figure that on one out of every three days, your site is likely to be targeted by multiple attacks. With numbers like that, you might think that you can anticipate an attack, but that is not so, according to the report, which states:
"Another key finding is that the correlation between different days seems to be low. It suggests that prediction of future attack days, based on the attack history, would be challenging, at best. Therefore, the defense side cannot count on having any advance notice."
You know and I know that these attacks aren’t going to slow down. Imperva’s conclusion on how to deal with the increased onslaught of attacks is, first and foremost, to come up with security solutions that detect automated attacks. In other words, be proactive about what might come, rather than reactive to what has already happened.
The last words of the report are ones that anyone who works in IT should take to heart:
"Good intelligence saves lives on the cyber battlefield."
My thoughts exactly.