API attacks increase almost 700 percent in the last year

No Comments
api

Malicious API traffic has increased 681 percent in the last year, set against a 321 percent increase in overall API traffic.

A new report from API security specialist Salt Security shows 95 percent of surveyed organizations have experienced an API security incident in the past 12 months.

But despite the dramatic increase in attacks and incidents, these organizations -- all of whom are running production APIs -- remain unprepared for API attacks, with 34 percent of respondents lacking any kind of API security strategy.

"To thrive today, every company must be a software company, and APIs reside at the heart of their application innovation. Digital businesses have emerged as the leaders of our modern economy, and at the same time, they've become the leading targets for bad actors," says Roey Eliyahu, co-founder and CEO, Salt Security. "We're seeing API attacks accelerating significantly year over year. Even more concerning, the pace of growth in API usage and attacks continues to outpace enterprise readiness and defenses. Organizations must invest the time and effort to understand the API attack landscape and the critical capabilities needed to protect their most vital assets."

Perhaps not surprisingly 62 percent of survey respondents acknowledge having slowed down the rollout of a new application because of API security concerns.

Security is the top API worry, with insufficient investment in pre-production security taking the top spot, at 22 percent, another 18 percent of respondents are concerned that the program doesn’t adequately address runtime or production security. Insufficient investment in fleshing out requirements and documentation is the leading concern for 19 percent of respondents.

When it comes to dealing with attacks, 34 percent have no strategy in place and 27 percent have just a basic strategy. Only 11 percent have an advanced strategy that includes dedicated API testing and protection.

There's also a division over responsibility, more than half of survey respondents say the primary responsibility sits with developers, DevOps, or DevSecOps. While only 31 percent put the responsibility for API security onto AppSec or InfoSec teams.

You can find out more in the full report which is available from the salt Security site.

Photo Credit: Panchenko Vladimir/Shutterstock

No Comments

Comments are closed.

Got News? Contact Us

Recent Headlines

Six out of 10 businesses struggle to manage cyber risk

Ransomware rampage -- how to fight back against attacks [Q&A]

Why the financial services industry has to start future-proofing their operations

We're not going to deal with today's IT admin issues with yesterday's technology

AI-powered data management: Navigating data complexity in clinical trials

Workforces need the skills to defend against AI-enabled threats

Overcoming real-time data integration challenges to optimize for surgical capacity and better care

Most Commented Stories

Say goodbye to Microsoft Windows 11 and hello to Nitrux Linux 3.4.0 'pl'

62 Comments

The stunning Windows 13 -- yes, 13! -- is the Microsoft operating system we want

20 Comments

Windows 11 slammed for its 'comically bad' performance even on high-end hardware

18 Comments

Microsoft is up to its old tricks yet again -- Windows 10 users harassed with full-screen Windows 11 upgrade warnings

17 Comments

Outrageous: Microsoft to charge $61 for Windows 10 updates -- consider switching to Linux!

17 Comments

Microsoft 'improves' Windows 11 by bringing ads to the Start menu in the US

16 Comments

Microsoft releases preview version of Office 2024 for Windows and macOS -- download it now!

12 Comments

Easter giveaway! Get a licensed copy of 'VideoProc Converter for Windows/Mac' (worth $78.90) for FREE

10 Comments

© 1998-2024 BetaNews, Inc. All Rights Reserved. Privacy Policy - Cookie Policy.