94 percent of companies have had security incidents with production APIs
According to a new report 94 percent of companies have experienced security problems in production APIs in the past year, with 20 percent saying the organization suffered a data breach as a result.
The latest State of API Security Report from Salt Security also finds that found that API attack traffic has more than doubled in the past 12 months with a 117 percent increase. In the same period overall API traffic grew 168 percent, highlighting the continued explosion of enterprise API usage.
"The backbone of our modern economy, digitalization has made organizations increasingly reliant on APIs to deliver new services and better compete. This focus on digital innovation, however, has also put a target on these organizations, as this research makes clear," says Roey Eliyahu, co-founder and CEO of Salt Security. "With API attacks accelerating year over year, it's no wonder our survey shows security as the top concern about API strategies. The report findings also show the need for a more robust API security strategy -- starting with development but especially focused on runtime -- to better protect this expanding attack surface and companies’ most valuable assets."
When asked which of six attributes of API security platforms are 'highly important,' the ability to stop attacks takes the top position, with 41 percent of respondents citing it. The ability to identify which APIs expose PII or sensitive data is in second spot, with 40 percent of respondents indicating that feature as highly important. Meeting compliance or regulatory needs is third, cited by 39 percent of respondents. Applying shift-left practices comes in at the bottom of the list, with only 22 percent of respondents choosing it as highly important.
Although 53 percent of respondents say they focus on fixing gaps during development, and 59 percent look for API issues in testing, a massive 94 percent still suffered API security incidents, reflecting a need for increased runtime protection.
A worrying 61 percent admit that they lack any, or have only a basic, API security strategy in place, a concern given the high reliance on APIs for achieving critical business outcomes. Despite all survey respondents having APIs running in production, only nine percent say they have an advanced API strategy that includes dedicated API testing and protection.
The full report is available from the Salt Security site.