Top 5 Cybersecurity Threats 2020: What ranks alongside ransomware and office suite account hijacking

Cybersecurity Threats

The Forrester Research Top Cybersecurity Threats In 2020 report analyzes common attack patterns responsible for 2019 breaches and how security professionals can protect against them. Forrester recently published its report based on the data obtained from 3,890 respondents as part of an extensive survey performed between April 2019 and June 2019.

One of the key findings in the report—which is not surprising to application security professionals—is that three of the top five threats are application security-related issues that caused data breaches. Another well-known industry report, the Verizon DBIR June 2020, also confirms the increase in cyber-attacks on web applications, both in terms of percentage and in the raw number of breaches.

Why are web applications increasingly targeted?

Let’s take a step back to understand why web applications are a top target for attackers. Websites, mobile applications and APIs are designed to provide value to users who expect a rich and engaging experience. These applications collect a lot of personally identifiable information (PII) and sensitive data like credit card details. With application security improving over time to address data security issues related to misconfiguration, privileged access, or traditional denial-of-service (DDoS) attacks, hackers have upped their game and are attacking the front door—using the same entry points as your users: web pages of your applications or API endpoints.

The rise of brute force credential stuffing

The Forrester report notes that “Adversaries commonly leverage public-facing vulnerabilities, phishing, and brute-forced remote access credentials to infiltrate organizations.”

While phishing helps attackers launch targeted attacks and harvest user credentials, it is a lot easier for cybercriminals to use automated bots and launch credential stuffing attacks with a high degree of success. It is 2020, but users reuse the same passwords on many websites, and there are billions of stolen credentials readily available from past (Read more...)

*** This is a Security Bloggers Network syndicated blog from PerimeterX Blog authored by PerimeterX Blog. Read the original post at: