APIs are becoming a cybersecurity disaster zone

APIs are becoming a cybersecurity disaster zone

Trending 5 months ago 40
  1. Home
  2. News
  3. Computing
(Image credit: Pixabay)

Web exertion programme interfaces (APIs) are increasing progressively popular, causing each mode of cybersecurity problems successful the process.

This is according to a caller study from Noname Security, which surveyed 3,000 employees crossed 350 businesses astir challenges associated with APIs.

The institution recovered that APIs are highly fashionable these days, with an mean enactment leveraging 15,564 APIs successful total, up 201% year-on-year.

Security incidents

However, galore companies are facing problems. More than 2 successful 5 (41%) person had an API-related cybersecurity incidental successful the past 12 months, with astir two-thirds (63%) of those involving a information breach, oregon data loss.

For example, 1 of the biggest marketing automation platforms and email selling services, MailChimp, was breached by attackers who besides also accessed API keys (now defunct) from an chartless fig of customers. 

With the keys, the attackers could make customized email campaigns and nonstop them to mailing lists without accessing the MailChimp lawsuit portal.

Almost each (90%) companies person API authentication policies acceptable up, but a 3rd (31%) said they weren’t precisely assured these policies provided an capable level of protection.

What’s more, a 3rd (35%) person had projects delayed owed to API information concerns, with 87% of those believing that integrating API information investigating into developer pipelines could person prevented the delays. 

Roughly fractional (51%) are afloat assured successful their API inventories, with a 4th (26%) adding that their inventory update processes are manual.

“With API usage continuing to grow, this utmost level of usage and dependency has enabled galore vulnerabilities to emergence to the surface, making securing these APIs crossed sectors much paramount than ever,” said Daniel Kennedy, Principal Research Analyst astatine 451 Research. 

“This study should assistance enterprises of each sizes crossed assorted sectors marque the informed decisions they request erstwhile processing their API information strategy.”

Sead Fadilpašić

Sead is simply a seasoned freelance writer based successful Sarajevo, Bosnia and Herzegovina. He writes astir IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, information breaches, laws and regulations). In his career, spanning much than a decade, he’s written for galore media outlets, including Al Jazeera Balkans. He’s besides held respective modules connected contented penning for Represent Communications.