API attack traffic grows more than 300 percent
In the past six months overall API traffic has increased 141 percent but in the same time period, API attack traffic has grown by a startling 348 percent.
A new report from Salt Security reveals significant challenges in addressing API security, with all Salt customers experiencing API attacks, security topping the list of API program concerns, and very few respondents feeling confident they can identify and stop API attacks.
"APIs and the valuable data they access are linchpins of today's data- and application-centric economy. Yet APIs remain one of the most vulnerable elements of any organization’s application or software stack," says Roey Eliyahu, co-founder and CEO of Salt Security. "Anecdotally, we know we find critical security vulnerabilities in the APIs of 90 percent of the prospects we support. This report quantifies those anecdotal findings, highlighting the API security risks companies are living with everyday. As API adoption and traffic has accelerated, so have the security risks. APIs are meant to enable innovation, not stifle it, as we're seeing in this report."
Organizations rely on APIs for a broad range of business-critical initiatives, 61 percent of survey respondents use APIs for platform or system integration, 52 percent use them to drive digital transformation, and 47 percent use them to standardize or improve the efficiency of application and software development. However, 64 percent of respondents say they are delaying application rollouts as a result of API security concerns.
Every organization surveyed has dozens of APIs in production, but only 39 percent have more than a basic security strategy for their API program and more than a quarter have no strategy at all. When asked what's stopping them from creating a robust plan, a lack of resources/people is cited by 30 percent and budget constraints by 24 percent.
Among other findings, 40 percent of respondents cite the risk of 'Zombie APIs' as their top concern. 85 percent of respondents have some doubt about the completeness of their API inventory, and 85 percent lack confidence that they know which APIs expose sensitive data. 55 percent percent see runtime protection as the top priority for API security and the most highly valued attribute of an API security platform.
You can get the full report from the Salt site.