Rampant API Growth Causing Cybersecurity Risks for Businesses
-
Fastly survey reveals that 9 out of 10 decision-makers know that APIs are a trojan horse for cyber-attacks - but most don’t invest in advanced security -
UK is marginally ahead of the pack - but financial services sector shows a lack of urgency over the risk of reputationally-damaging cyber breaches - Single provider security solutions and AI could provide answers
Lack of advanced API security endemic
The ubiquity of APIs means they have become one of cybercriminals’ favourite gateways for account takeover attacks. In a recent survey by Fastly, 84% of respondents admitted to not having advanced API security in place.
The lack of action on API breaches comes despite the vast majority of decision-makers knowing there is a problem. 95% of respondents surveyed by Fastly said they had experienced API security problems in the last twelve months. Over three quarters (79%) had delayed the rollout or integration of a new application due to API security concerns. In addition, 79% claim to place a ‘high or very high’ level of importance on API security. Asked why none of this has translated into action, ‘insufficient budget’ and a ‘lack of expertise’ were the most commonly stated reasons.
Risk of operational and reputational damage
Key areas of concern
Asked which attributes of an API security platform would be the most important to their company, respondents said number one would be identifying which APIs expose personal or sensitive data (43%). Other top concerns included identifying all APIs, including those that are undocumented (40%) and logging and monitoring (28%). However, companies are increasingly struggling to identify API attacks because of the sheer volume of notifications that they receive using legacy security solutions.
In Fastly’s experience, credential stuffing, business logic abuse, and DDoS attacks are just a few of the malicious automated bot attacks that are being deployed to take over accounts and perpetrate identity theft and fraud. Readily available scripts and tools make orchestrating API attacks easier than ever, and legacy bot defence techniques struggle to detect these potentially devastating incursions.
AI security solutions untapped – but coming
One solution to the complexity of the API landscape could be a new generation of AI-powered cybersecurity systems, but Fastly found there is currently little enthusiasm for this. Only 14% of companies surveyed regarded the use of AI technologies in API security as a priority. That said, 58% anticipate that generative AI will have a ‘large or very large’ impact on API security over a window of approximately 2-3 years.
Sector-based and regional variations
One concerning aspect of Fastly’s survey is that heavily-regulated sectors dealing with sensitive data are some of the worst culprits when it comes to API inaction. Only 80% of respondents in financial services placed a high or very high level of importance on API security. This compares with 89% in wholesale, retail and e-commerce.
In terms of regional variations, the importance of API security was rated highly in the
One intriguing insight is the gulf in attitudes within company hierarchies. 91% of C-suite and compliance experts place ‘a high or very high’ level of importance on API security but only 74% of in-house security specialists feel the same way. The implication, perhaps, is that the security cohort is underestimating the scale of the threat – either that or they are exposed to a wider pool of threats on a day to day basis.
To read the full report and understand how businesses can help establish a secure digital environment, visit https://learn.fastly.com/api-security-study-24.html.
About the research
This research surveyed 235 key IT and cybersecurity decision-makers in large organisations spanning multiple industries across the
About Fastly
Fastly’s powerful and programmable edge cloud platform helps the world’s top brands deliver some of the best online experiences possible through edge compute, delivery, security, and observability offerings improving site performance, enhancing security, and empowering innovation at global scale. Compared to legacy providers, Fastly’s powerful and modern network architecture is one of the fastest on the planet, empowering developers to deliver secure websites and apps with rapid time-to-market and industry-leading cost savings. Organisations around the world trust Fastly to help them upgrade the internet experience, including Reddit, Wendy’s, Stripe,
Source:
View source version on businesswire.com: https://www.businesswire.com/news/home/20240320654923/en/
Media Contact:
press@fastly.com
Investor Contact:
ir@fastly.com
Source: