Cybersecurity: From an afterthought to a strategic asset
New research shows that a growing number of organisations view cybersecurity as a strategic priority.
Read MoreAPI security covers all the practices and measures taken to identify vulnerabilities in Application Programming Interfaces (APIs) and protect them from malicious attacks. API’s are critical to enable software applications to share data – so they’re widespread. And that makes them an appealing target for threat actors.
New research by Salt Labs found that 95% of the organisations surveyed have experienced security problems in production APIs, and 23% have experienced a breach. Two thirds of organisations are managing more than 100 APIs across their networks, and API threats are on the rise – but only 7.5% of organisations describe their API security programs as ‘advanced’.
API security isn’t just one thing – it’s every aspect that contributes to the overall security posture of Application Programming Interfaces (and by extension, everything else that those interfaces interact with).
This includes:
APIs are inextricable from the functionality of most digital services today – and they facilitate the transfer of sensitive data from one place to another, as well as enabling different pieces of software to interact with one another. So when an API is exposed, it can allow significant data breaches to occur; with the potential to expose information that could cause severe damage to the data provider.
The Salt Labs report found that API security incidents more than doubled year on year. And attackers are leveraging a diverse range of tactics – with many bypassing authentication protocols completely (61%, in fact).
So authentication protocols are not enough to protect against API attacks. Threat actors bypass them by exploiting vulnerabilities (including Broken Object Level Authorisation, OAuth, and insecure API endpoints) to gain unauthorised access.
Surprisingly, 13% of attack attempts explicitly target internal APIs; so security has to be comprehensive, and not limited to public-facing APIs.
It’s also worth noting that 80% of API attack attempts leverage one or more of the OWASP API Top 10 methods. But in spite of this, only 58% of Salt Labs’ survey respondents focus on this list in order to strengthen API security. It’s a valuable resource for security professionals, detailing the most vulnerabilities that attackers are most likely to exploit. It’s clear that criminals are using this list to identify vulnerabilities they can exploit – so security teams have to match that awareness, and protect against those vulnerabilities.
The API threat landscape will continue to grow, and organisations that don’t step up and invest in robust protection are putting their networks at risk. Now is the time to put API security measures at the top of your priority list – to protect sensitive data (and the future of your business) in today’s fast-paced digital ecosystem.
Join us at Black Hat MEA 2024 and discover how to improve your organisation’s cyber resilience.
Join the newsletter to receive the latest updates in your inbox.
New research shows that a growing number of organisations view cybersecurity as a strategic priority.
Read MoreFind out why CISOs and investors are investing in AI-powered integrated cybersecurity platforms.
Read MoreCybersecurity education in schools could empower a new generation of skilled, engaged cybersecurity professionals, and solve the cyber workforce shortage.
Read More