According to a new report by Opswat (read the full report here)only 8% of organizations with web applications for uploading files implement adequate cybersecurity protocols against malicious attacks. Yet 99% of the corps. shown in the study state that they are concerned about cyber threats.
Proper cybersecurity for web applications supporting file uploads and transfers has lagged behind the current standard, only further pushed behind by the pandemic.
In their 2021 Web Application Security Report, Opswat found that 87% of organizations are “extremely” or “very” concerned about file uploads as an attack vector for malware and cyberattacks, with 82% reporting increased concern since last year.
While there is an overwhelming sense of awareness for the need to secure file uploads, only 8% implement standard cybersecurity practices. A concerning 32% of organizations do not scan all file uploads to detect malicious files, and an overwhelming majority do not sanitize file uploads with Content Disarm and Reconstruction (CDR) to prevent unknown malware and zero-day attacks.
Opswat conducted web application security research that analyzed trends and gaps in cybersecurity measures on file uploads. While web applications enhance productivity and user experience, file upload portals expand and introduce new attack surfaces. And, many organizations are not effectively protected, despite increased concern of malware attacks and third-party risk.
The 302 global survey participants were independent IT security professionals directly responsible for web applications accepting at least 500 file uploads per day for companies with at least 250 employees. Survey topics included overall IT security, current file upload environments, and security of external file uploads.
With the sudden switch to remote work a lot of standard cyber practices are being left in the office, don't make this same mistake. A company could be ruined because of a simple misevaluation of their current architecture, make sure you stay informed and updated on the latest cybersecurity news and standards to ensure your companies cyber well-being.