API security is top concern for the financial sector

The proliferation of APIs in the financial services industry has created a vast and complex attack surface that traditional security measures cannot adequately protect.

API security specialist Traceable AI surveyed over 150 cybersecurity professionals in the US, uncovering critical vulnerabilities, concerns, and current API security practices in the financial sector.

Among the findings are that 82 percent of financial institutions expressed moderate to extreme concern about complying with federal financial regulations, including FFIEC, OCC, and CFPB, and 76 percent are concerned about PCI-DSS compliance as it relates to their API security posture.

There's a lack of visibility and context too, 64 percent of respondents say they don't have the ability to understand the context between API activity, user activity, data flow, and code execution, hindering their ability to detect and respond to API-based threats effectively.

The issue is compounded as APIs in financial organizations commonly handle personally identifiable information (60 percent), account authentication data (60 percent), payment card details (56 percent), and device and location data (55 percent), making them prime targets for attackers.

"The findings of this report serve as a reality check for our industry. While financial organizations understand the importance of API security, many are still struggling with basic challenges," says Richard Bird, chief security officer at Traceable and former CISO in the financial services industry. "As security leaders, we can't afford to be caught off guard by the growing threats of fraud and malicious bots that are constantly looking for ways to exploit API vulnerabilities."

Detecting and preventing unauthorized access to accounts (35 percent), sensitive data exfiltration (33 percent), and identifying API vulnerabilities (30 percent) are the most pressing API security concerns for financial institutions. 42 percent of respondents who experienced an API-related data breach cite fraud, abuse, and misuse as the root cause, and only 15 percent are extremely confident in their ability to detect and prevent API-based fraud and abuse.

Bird continues, "This report is a call to action for all of us to take a hard look at what we're doing now and work together to prioritize and implement effective security measures. The stakes are high, and we need to step up and lead the charge in securing our API ecosystems."

You can get the full report from the Traceable AI site.

Image credit: Profit_Image/Shutterstock