A recent report by API security firm Traceable, in collaboration with the Ponemon Institute, sheds light on the state of API security in 2023. This comprehensive study, based on insights from 1629 cybersecurity experts across the United States, the United Kingdom, and the European Union, highlights concerning trends in API security.
Notably, the report reveals a significant surge in API-related data breaches, with 74% of organizations experiencing three or more incidents within the past two years. DDoS attacks were identified as the primary method behind these breaches, contributing to an expanded attack surface for 58% of respondents.
The report underscores a troubling lack of understanding and confidence in API security, as only 38% of experts felt capable of discerning the intricacies of API activities, user behaviors, and data flows. Furthermore, traditional security solutions like Web Application Firewalls (WAFs) faced skepticism, with 57% doubting their effectiveness in distinguishing genuine API activity from fraudulent activity.
Looking ahead, 61% of respondents anticipate a rise in API-related risks over the next two years. Organizations are grappling with challenges such as API sprawl and accurate API inventory management, particularly as they maintain an average of 127 third-party API connections.
The report calls for a shift in how API security is prioritized, emphasizing its critical role in an organization’s cybersecurity strategy, from the server room to the boardroom, to effectively combat the evolving threat landscape.