
Almost all businesses suffer API-related security issues


In 2020, almost every enterprise suffered an API-related cybersecurity incident, according to a new report from Salt Security.

Polling 200 enterprise security officials for the report, Salt found that 91 percent of them experienced API problems - in most cases, either vulnerabilities in production APIs (54 percent), or authentication issues (48 percent). Bots, scraping and DoS attacks were also listed.

As per an ITPro report, these results can be tied to the rising popularity of APIs. Salt says that overall per-customer average monthly API call volume increased by 50 percent (from 272 million calls a month to 410 million) last year, while a recent Akamai report claims 83 percent of all web traffic comes from API queries.

Truth be told, malicious traffic targeted at APIs makes up only a small proportion of the entire volume (1.40 percent), but it still grew by 211 percent (from 0.45 percent) year-on-year.

Another important factor contributing to the rise of API-related cybersecurity incidents is the fact that a quarter of organizations running production APIs don’t have an API security strategy. Yet, according to the report, more than half of all respondents found a vulnerability in an API, and these vulnerabilities are often left unchecked until it’s too late.

As a direct result of API-related worries, two thirds of organizations delayed deploying new applications.

“In today’s digital economy, APIs are the direct gateway to organizations’ most critical data and assets. Built to enable customers and partners, these APIs create risk by also providing a path for attackers to follow. As APIs have grown in volume and functionality, they’ve made ever more attractive targets for hackers, driving up the number and sophistication of API attacks,” said Roey Eliyahu, CEO and co-founder of Salt Security.

“The study makes clear that companies’ current approaches for securing APIs have gaps that leave them at risk. It also highlights how organizations need new approaches to API security if they are to continue innovating safely and remain competitive.”

Sead Fadilpašić

Sead is a freelance journalist with more than 15 years of experience in writing various types of content, from blogs, whitepapers, and reviews to ebooks, and many more, across sites including Al Jazeera Balkans, TechRadar Pro, IT Pro Portal, and CryptoNews.