94% of respondents experienced API security incidents in 2021


Few assets in the attack surface cause as much trouble as APIs. Not only are many organizations' APIs openly exposed on the internet, but they also depend on those APIs to access critical data assets and applications.

Many security teams are still coming to terms with the fact that APIs are just as susceptible to exploitation as weaknesses in servers or networks, and they struggle to maintain up-to-date inventories of the APIs and vulnerabilities in their environment.

A new study published by API security vendor Salt Security has highlighted this trend by revealing that 94% of organizations responding to its survey have encountered security issues in production APIs in the past year, with 20% saying their organization actually experienced a data breach as a result of API breaches.

These security issues can be as serious as openly exposing protected data online. For example, among Salt's customer base, 91% of APIs openly exposed PII and sensitive data to threat actors.

For businesses, this study underscores that most organizations need to re-evaluate their API security strategies to ensure they have the maturity to protect APIs throughout the development lifecycle.

Moving away from "shift left" security

Just a few years ago, in 2019, Gartner released a set of Strategic Planning Assumptions, predicting that by 2021, 90% of web applications would have more attack surface in the form of exposed APIs, and that by 2022, API abuse would move from an infrequent attack vector to the most frequent attack vector.

Considering that new research from Salt Security found that API attack traffic doubled in the past 12 months, those predictions seem to have come true.

At the same time, the rise in API-focused attacks shows that threat actors are well aware that companies are not sufficiently securing their APIs.

In short, the writing is on the wall for shift-left approaches to testing and security; organizations need much more proactive and continuous API vulnerability scanning and mitigation.

“If an organization relies solely on left shift capabilities, it puts itself at risk. On some level, customers seem to appreciate this difference. form of API security are very important, stopping attacks came at the top of the list, and left-shifting practices were at the very bottom,” said Salt Security VP of Marketing Michelle McLean.

"This finding makes sense given the need to protect now rather than protecting future assets, but companies need to take their own advice and be more proactive about API security," McLean said.

Controlling the risk of API exploitation

McLean notes that the risk of API exploits is also not purely theoretical: 34% of Salt Security customers experience more than 100 attempted attacks per month, and 60% of respondents manage more than 100 APIs.

The only way for organizations to master this landscape is to have an advanced API security strategy, rather than relying on API gateways and web application firewalls (WAFs) that offer little protection against these types of attacks.

In practice, an advanced API security strategy means deploying a solution that can handle hundreds or thousands of ever-changing APIs, from development to deployment and runtime, while automatically updating an inventory of digital APIs.

Salt Security strives to fulfill this framework by using an API Context Engine (ACE) alongside machine learning and artificial intelligence to automate API discovery and automatically detect vulnerabilities in the attack surface.

The API Security Market

With an awareness of the security problem...
