A new study has revealed there are glaring gaps in the API security landscape around the world.
Traceable AI has released its comprehensive research report, the 2023 State of API Security: A Global Study on the Reality of API Risk.
Engaging 1,629 cybersecurity experts across the United States, the United Kingdom, and the European Union, the study presents a unique perspective into the dark reality of API-related data breaches and their impact on organisations.
The report critically analyses API-related data breaches, API sprawl, the use of traditional solutions such as Web Application Firewalls, API governance and the emerging role of Zero Trust Security in fortifying API security. The global findings provide insight into the challenges and security practices of organisations around the world, assessing their awareness and strategies for addressing API security risks.
Findings from the survey underscore the urgency of API security
The report found 74% of respondents reported at least three API-related breaches in the past two years.
Within the last two years, 60% of organisations faced at least one API-related breach. Disturbingly, 74% of these endured three or more incidents, revealing a relentless threat landscape with 23% undergoing six or more breaches.
Alongside fraud and known attacks, DDoS stands out as the primary API breach method, according to the report. Compounding this, 58% agree that APIs substantially expand organisations' attack surface.
Only 38% of respondents can discern intricate context between API activity, user behaviours, and data flow. Plus, a significant 57% of respondents feel traditional security solutions, including Web Application Firewalls, can't effectively distinguish genuine from fraudulent API activity.
With a considerable 61% anticipating rising API-related risks in the next two years, the report found organisations are also wrestling with challenges like API sprawl (48%) and keeping an accurate inventory (39%).
While dealing with an average of 127 third-party API connections, a mere 33% express confidence in managing these external threats. This is exacerbated by uncertainties regarding the volume of data their APIs transmit, emphasising an urgent call for advanced breach detection solutions.
"In an era where digital ecosystems are intrinsically entwined with our operational fabric, this report brings to light the hidden iceberg beneath the API landscape," says Richard Bird, Chief Security Officer of Traceable.
"It's alarming to see that the majority of businesses are navigating these treacherous waters with a significant blind spot, unprepared and underestimating the very real threats associated with APIs," he says.
"As a security community, we must address this glaring disconnect, prioritising API security as a cornerstone of our cyber defense strategy. It's time that API security is elevated from the server room to the boardroom. Only by doing so can we hope to stay ahead of the evolving threat landscape."