From helpnetsecurity.com
Despite the critical role of APIs, the vast majority of commercial decision-makers are ignoring the burgeoning security risk for businesses, according to Fastly.
Application Programming Interfaces (APIs) have long been recognised as a bedrock of the digital economy and recent figures suggest that the majority of all internet traffic is now directed via APIs.
The lack of action on API breaches
The ubiquity of APIs means they have become one of cybercriminals’ favourite gateways for account takeover attacks. In a recent survey by Fastly, 84% of respondents admitted to not having advanced API security in place.
The lack of action on API breaches comes despite the vast majority of decision-makers knowing there is a problem. 95% of respondents surveyed by Fastly said they had experienced API security problems in the last twelve months.
79% had delayed the rollout or integration of a new application due to API security concerns. In addition, 79% claim to place a ‘high or very high’ level of importance on API security. Asked why none of this has translated into action, ‘insufficient budget’ and a ‘lack of expertise’ were the most commonly stated reasons.
“The results of our survey show that decision-makers know that increased reliance on APIs creates a risk of serious cyberattacks. But so far they are not doing enough about it. This is surprising given that the operational and reputational cost of a breach far outweighs the price of deploying a consolidated web application and API security solution from a single provider,” said Jay Coley, Senior Security Architect at Fastly.