API security firm Traceable has unveiled its 2023 State of API Security Report. In collaboration with the Ponemon Institute, the research provides a comprehensive global perspective on the state of API security, exposing critical vulnerabilities and their far-reaching consequences.
The report, based on insights from 1629 cybersecurity specialists across the United States, the UK and the European Union, paints a concerning picture of the API security landscape.
One of the most alarming revelations is the sharp increase in API-related data breaches. During the past two years, 60% of organizations surveyed reported at least one breach, with a substantial 74% experiencing three or more incidents. DDoS attacks emerged as the primary method, accounting for 38% of breaches. This, coupled with other attack vectors, significantly expands organizations’ potential attack surfaces, according to 58% of respondents.
“In an era where digital ecosystems are intrinsically entwined with our operational fabric, this report brings to light the hidden iceberg beneath the API landscape,” commented Richard Bird, chief security officer of Traceable.
“It’s alarming to see that the majority of businesses are navigating these treacherous waters with a significant blind spot, unprepared and underestimating the very real threats associated with APIs.”
The research also highlights a lack of awareness and confidence in API security. Only 38% of specialists felt capable of discerning the nuances of API activities, user behaviors and data flows. Traditional security solutions, including Web Application Firewalls (WAFs), came under scrutiny, with 57% doubting their effectiveness in distinguishing genuine from fraudulent API activity.
Looking ahead, 61% of respondents anticipate escalating API-related risks in the next two years. Organizations are grappling with challenges such as API sprawl (48%) and the accurate inventory management of APIs (39%). On average, organizations maintain 127 third-party API connections, yet only 33% expressed confidence in securing these external threats.
“As a security community, we must address this glaring disconnect, prioritizing API security as a cornerstone of our cyber defense strategy,” Bird added. “It’s time that API security is elevated from the server room to the boardroom. Only by doing so can we hope to stay ahead of the evolving threat landscape.”