Organizations across Asia-Pacific (APAC) are struggling with a multitude of application security challenges, from bad bots to broken APIs and supply chain attacks, according to a new global study by Barracuda, a leading provider of cloud-enabled security solutions.

Taking in 750 responses from IT decision-makers (ITDM) in APAC, the United States, and EMEA, the report titled, “The State of Application Security in 2021,” found that on average, APAC organizations were successfully breached twice in the past 12 months as a direct result of an application vulnerability (38%), with 27% of respondents reporting at least one breach over the same period, and 14% reporting being breached more than three times.

Commissioned by Barracuda, the research surveyed 250 APAC application security decision-makers responsible for their organization’s application development and security, to get their perspectives on data breaches, top application security vulnerabilities, and the most important product capabilities needed to defend against multi-vector application attacks.

Barracuda study finds ITDMs raise concern over protecting Office 365 data

Spending on security solutions to reach $133.7 billion in 2022, says IDC

Overall, the findings indicate that more needs to be done to protect against application security threats, revealing that the range of application security-related challenges facing organizations in APAC today may extend way beyond difficulties in securing multiple attack vectors.

Vulnerability detection

APAC respondents identified their top application security challenges as software supply chain attacks (46%), with 44% saying that adding security significantly slows down application development time. While 43% stated that vulnerability detection is a key challenge, followed closely by bot attacks (39%) and securing APIs (37%).

The research also revealed that web application and zero-day vulnerabilities were the main cause of successful security breaches affecting their organization’s applications in the last 12 months (55%), followed closely by bot attacks and software supply chain attacks in joint second place (40% each).

“Applications have been steadily rising as one of the top attack vectors in recent years, and the rapid shift to remote work in 2020 has only intensified this trend,” said Mark Lukie, systems engineer manager, Barracuda, Asia-Pacific. “Organizations in APAC are struggling to keep up with the pace of these attacks, particularly newer threats like bot attacks, API attacks, and supply chain attacks, and they need help filling these gaps effectively.”

The survey, conducted by independent market researcher Vanson Bourne, includes responses from 750 application security decision-makers responsible for their organization’s application development and security. They came from organizations in companies with 500 or more employees.