API security worries hold back business innovation

No Comments
api

A new report shows that 66 percent of organizations admit slowing the rollout of a new application into production because of API security concerns.

The State of API Security report from Salt Security also reveals that 54 percent of organizations running production APIs have at best only a basic strategy for API security, with 27 percent having no strategy at all.

"In today's digital economy, APIs are the direct gateway to organizations' most critical data and assets. Built to enable customers and partners, these APIs create risk by also providing a path for attackers to follow. As APIs have grown in volume and functionality, they've made ever more attractive targets for hackers, driving up the number and sophistication of API attacks," says Roey Eliyahu, CEO and co-founder of Salt Security. "We compiled the industry's first State of API Security Report to better understand the enterprise experience of APIs today. The study makes clear that companies' current approaches for securing APIs have gaps that leave them at risk. It also highlights how organizations need new approaches to API security if they are to continue innovating safely and remain competitive."

It shows 91 percent had suffered an API security problem last year. Vulnerabilities (54 percent) and authentication issues (46 percent) top the list, followed by bot/scraping (20 percent) and denial of service attacks (19 percent). Finding a vulnerability in a production API means that pre-production vetting, while crucial, isn't preventing vulnerabilities from making their way into production rollouts.

More worrying is that Salt customer data shows the number of API attacks per month per customer is up from 50 last June to nearly 80 by December. More concerning still is that nine percent of respondents admit they can't identify API attacks. In addition only 16 percent of respondents are very confident that their API inventory is complete.

Of organizations responding to the survey 80 percent don't believe their security tools can prevent API attacks effectively. Also 82 percent lack confidence in knowing API details such as exposed PII, which might include CPNI, PHI, cardholder data, and other sensitive information, 22 percent admit they have no way to know which APIs expose PII.

You can read more on the Salt Security blog.

Photo Credit: Panchenko Vladimir/Shutterstock

No Comments

Comments are closed.

Got News? Contact Us

Recent Headlines

TCL 50 XL 5G Android smartphone hits Metro by T-Mobile: Big features, small price

The increasing sophistication of synthetic identity fraud

The NIST/NVD situation and vulnerability management programs

How AI will shape the future of the legal industry

Start menu ads are rolling out to all Windows 11 users -- here's how to turn them off

Qualcomm introduces Snapdragon X Plus for Windows PCs

Free test lets you check how websites measure up to privacy rules

Most Commented Stories

Say goodbye to Microsoft Windows 11 and hello to Nitrux Linux 3.4.0 'pl'

62 Comments

The stunning Windows 13 -- yes, 13! -- is the Microsoft operating system we want

22 Comments

Microsoft 'improves' Windows 11 by bringing ads to the Start menu in the US

21 Comments

Microsoft is up to its old tricks yet again -- Windows 10 users harassed with full-screen Windows 11 upgrade warnings

18 Comments

Outrageous: Microsoft to charge $61 for Windows 10 updates -- consider switching to Linux!

18 Comments

Windows 11 slammed for its 'comically bad' performance even on high-end hardware

18 Comments

Microsoft releases preview version of Office 2024 for Windows and macOS -- download it now!

17 Comments

Easter giveaway! Get a licensed copy of 'VideoProc Converter for Windows/Mac' (worth $78.90) for FREE

10 Comments

© 1998-2024 BetaNews, Inc. All Rights Reserved. Privacy Policy - Cookie Policy.