Only 8% of organizations with web applications for uploading files implement adequate cybersecurity protocols against malicious attacks, according to a new report by Opswat. Yet almost all of them (99%) are concerned (to a varying degree) about cyber threats.

Organizations have raced to digitally transform their businesses in response to market pressures and customer demands leading to widespread adoption of cloud services and collaboration and sharing platforms. However, security for their web applications supporting file uploads and transfers has lagged behind, further exacerbated by the pandemic.

In their 2021 Web Application Security Report, Opswat found that 87% of organizations are “extremely” or “very” concerned about file uploads as an attack vector for malware and cyberattacks, with 82% reporting increased concern since last year.

While there is awareness of the need to secure file uploads, only 8% implement cybersecurity best practices. A concerning 32% of organizations do not scan all file uploads to detect malicious files, and an overwhelming majority do not sanitize file uploads with Content Disarm and Reconstruction (CDR) to prevent unknown malware and zero-day attacks.

Opswat conducted web application security research that analyzed trends and gaps in cybersecurity measures on file uploads. While web applications enhance productivity and user experience, file upload portals expand and introduce new attack surfaces. And, many organizations are not effectively protected, despite increased concern of malware attacks and third-party risk.

The 302 global survey participants were independent IT security professionals directly responsible for web applications accepting at least 500 file uploads per day for companies with at least 250 employees. Survey topics included overall IT security, current file upload environments, and security of external file uploads.

Read the full report by Opswat.