Organizations are seeing a rise in cybersecurity attacks against application programming interfaces (APIs), the mechanisms that allow software components to communicate and exchange data with one another using protocols. The question is, are they prepared to defend against these assaults?
A November 2024 report by cloud provider Akamai Technologies, based on a survey of more than 1,200 IT and cybersecurity leaders in the US, UK, and Germany, found that 84% said their organizations had experienced an API security incident in the past 12 months. Only 27% of respondents knew which APIs return the sensitive data that attackers seek.
The research shows that while API attacks are rising, visibility into the API risks that open doors for attackers is declining. The average cost to remediate API incidents was $591,400 in the US; in sectors such as financial services, the average was $832,800.
As the foundation of modern software development, APIs facilitate inter-application communication and fuel digital transformation, research firm International Data Corp. said in a report, and this critical role has broadened the attack surface, making APIs a prime target for cybercriminals. In addition, the explosion of intelligent, artificial intelligence-infused applications only increases the use of APIs, introducing new threats, IDC said.
“There are many paths for threat actors to derive value from API exploits, whether that’s working their way through channels for deeper system access, or simply [...] the services [...],” said Josh Koenig, chief strategy officer at managed hosting provider Pantheon. “As more APIs are put to use, this is a class of vulnerability that is increasing and will likely only pick up pace in the years to come.”
Hard-coded API credentials and cybercriminals
One of the biggest API vulnerabilities comes from trying to manage the total surface area, Koenig said. “With the proliferation of APIs, it’s easy for companies to lose track, much like how many struggle to keep track of their web portfolios,” he said.
As a result, companies fail to protect APIs properly and end up with security vulnerabilities.
One of the biggest risks is the potential for accidental leakage of credentials. “It’s extremely common for developers to hard-code API credentials into code, and that makes the credentials much more vulnerable to being accidentally disclosed,” Koenig said. “Once a threat actor has a valid API key, they can start doing damage rapidly.”
And cybercriminals know about API weaknesses and are taking advantage.
“APIs serve as vital conduits for data exchange and functionality [...] between applications and services, making their widespread usage an enticing target for malicious actors ...”
“The sheer volume and diversity of APIs in use and the complexity of modern software ecosystems create numerous entry points for exploitation,” Mercer said.
As companies increasingly rely on APIs to facilitate seamless integration and connectivity, ensuring security measures becomes paramount to safeguarding sensitive data and preserving infrastructure, Mercer said.
“Yet most organizations are hard-pressed to locate all the APIs in use and manage their security exposure,” Mercer said. “It is essential to maintain an account ...”
By proactively identifying unexpected changes in the API inventory, businesses can preempt the emergence of shadow or vulnerable APIs. “This can be done by establishing a (normal) baseline of API behavior and comparing it against actual activity to uncover potential security vulnerabilities,” he said.
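The inventory comparison described above, sketched as an added example (not code from the article or from any vendor named in it): it normalizes request paths from an access log and diffs them against a documented inventory. The baseline, the log lines, and the function names are all constructed for illustration.

```python
import re
from collections import Counter

# Constructed baseline: the documented API inventory as (method, path template).
BASELINE = {
    ("GET", "/v1/orders/{id}"),
    ("POST", "/v1/orders"),
    ("GET", "/v1/customers/{id}"),
}

# Constructed access-log sample (common log format), not real traffic.
SAMPLE_LOG = """\
10.0.0.5 - - [12/Nov/2024:10:01:02 +0000] "GET /v1/orders/1042 HTTP/1.1" 200 512
10.0.0.5 - - [12/Nov/2024:10:01:03 +0000] "POST /v1/orders HTTP/1.1" 201 98
10.0.0.9 - - [12/Nov/2024:10:02:11 +0000] "GET /v1/orders/77?expand=items HTTP/1.1" 200 640
10.0.0.7 - - [12/Nov/2024:10:03:40 +0000] "GET /internal/export/users HTTP/1.1" 200 88211
10.0.0.7 - - [12/Nov/2024:10:03:45 +0000] "GET /internal/export/users HTTP/1.1" 200 88211
10.0.0.8 - - [12/Nov/2024:10:04:00 +0000] "DELETE /v1/orders/9f1c2d3e-0000-4000-8000-aabbccddeeff HTTP/1.1" 204 0
10.0.0.8 - - [12/Nov/2024:10:05:00 +0000] "GET /v2/ping HTTP/1.1" 404 0
"""

REQUEST = re.compile(r'"([A-Z]+) (\S+) HTTP/[\d.]+" (\d{3}) ')
ID_SEGMENT = re.compile(r"^(\d+|[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12})$")

def normalize(path):
    """Drop the query string and replace numeric or UUID segments with {id}."""
    path = path.split("?", 1)[0]
    return "/".join("{id}" if ID_SEGMENT.match(s) else s for s in path.split("/"))

def inventory_drift(log_text, baseline):
    """Return (shadow, unused): endpoints served but undocumented, and documented but unseen."""
    seen = Counter()
    for line in log_text.splitlines():
        m = REQUEST.search(line)
        # Skip unparsable lines; treat 404 as "no such route" (a simplification).
        if not m or m.group(3) == "404":
            continue
        seen[(m.group(1), normalize(m.group(2)))] += 1
    shadow = {ep: n for ep, n in seen.items() if ep not in baseline}
    unused = baseline - set(seen)
    return shadow, unused

if __name__ == "__main__":
    shadow, unused = inventory_drift(SAMPLE_LOG, BASELINE)
    for (method, path), hits in sorted(shadow.items()):
        print(f"undocumented: {method} {path} ({hits} hits)")
    for method, path in sorted(unused):
        print(f"documented but not seen: {method} {path}")
```

On the sample, the undocumented export route and the undocumented DELETE method on a documented path both surface, which is why the comparison keys on method and path together.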
Having good visibility of APIs is a key to securing them. “Whether it’s the APIs you run or services you integrate, having full visibility across your digital ecosystem is more than half the battle,” Koenig said. “Network management tools can help with this at a very large scale, but a surprising amount of value can be had by having teams do a simple exercise to list out the APIs ...”
Another good practice is to implement a gateway, Koenig said. “For the same reasons that it’s considered best practice to put your websites behind a web application firewall, an API gateway is a must-have for any organization operating APIs as part of their service offering,” he said. In addition to the security capabilities that deter bad actors, most gateway products help manage common pain points
Mercer advises that companies take a layered approach to API security that includes design, testing, inventory, gateways, and advanced runtime protections. APIs need to be secured across the software development lifecycle, he said.
Training staff is an important step. “Increase awareness of API security within your organization that includes developer and security team training, to get them working together as a team to secure APIs,” Mercer said.