New research by app-security firm WhiteHat Security shows that 70% of cloud apps in the manufacturing sector have vulnerabilities.
The research has found web-facing apps are one of the highest security risks for organizations, as more than 40 percent of these apps leak data which may affect other businesses and partners.
According to WhiteHat Security, manufacturing apps are particularly vulnerable to attacks – 70% of cloud applications have had at least one serious vulnerability in the past year.
“AppSec Stats Flash Volume 3,” the research in question, outlines how the increased reliance on internet-connected applications using web, mobile, and API-based interfaces has expanded the attack surface and thus increased security risks that organizations and their supply chains face today.
The top five vulnerabilities found in internet-facing apps in the last three months, according to the researchers, are data leaks, insufficient session expiration, cross-site scripting, content spoofing, and insufficient transport layer protection.
In a pandemic world, cloud applications have become the backbone of the global economy, as business is increasingly done over the Internet. Applications are increasingly polymorphic, as they are accessed through web, mobile, and APIs. This presents a multi-dimensional security challenge, researchers said.
“We continue to find that window of exposure, a key measure of exploitability, remains very high,” Setu Kulkarni, vice president of strategy at WhiteHat, told Threatpost. “Web-facing applications and APIs continue to have serious exploitable vulnerabilities throughout the year.”
As we’ve seen previously, attacks on the supply chain open the door for lateral movement to other parts of a network, compromising the victim’s partners. This can be particularly damaging because such attacks can affect a larger number of connected systems and business applications, which are linked more than ever before, Kulkarni said.
Another key finding is that the average response time for an organization to fix critical vulnerabilities is still over 190 days.
The manufacturing sector is particularly susceptible to exploits of cloud applications. This is likely because traditionally the industry was not internet-connected. It had to rapidly transition legacy systems and software to the cloud to keep up, Kulkarni told Threatpost.
“The lift and shift of applications that were never meant to be internet-facing to become internet-enabled has likely resulted in this high risk,” he said.
The remediation of vulnerabilities in an organization’s cloud apps is “an immediate and imminently achievable goal for development and security teams,” researchers say. “Organizations must take inventory of public-facing apps, scan them continuously in production and take a risk-based approach to fix in-production issues,” they said.