Akamai Research Finds 29% of Web Attacks Target APIs
Insights
The findings from Akamai's State of the Internet report shed light on the escalating threat landscape within the commerce sector, which is particularly concerning given the industry's reliance on APIs for various customer-facing and internal operations. The high percentage of attacks in this sector suggests that cybercriminals are targeting APIs as they are lucrative entry points for accessing sensitive data and disrupting services. This trend has significant implications for businesses in terms of potential financial losses, reputational damage and regulatory penalties.
For stakeholders, this report underscores the necessity of investing in robust API security measures. The rise in API attacks correlates with the potential for increased operational risk, and businesses may face pressure from investors to demonstrate proactive cybersecurity strategies. The emphasis on business logic abuse and the difficulty in detecting abnormal API activity highlight the need for advanced monitoring solutions and the implementation of AI-driven anomaly detection systems.
Organizations that fail to secure their APIs adequately may suffer from data breaches, service disruptions and loss of customer trust, which can have long-term financial repercussions. Conversely, companies that prioritize API security may gain a competitive edge by ensuring the reliability and integrity of their digital services.
The report's indication of a 44% attack rate on commerce APIs is a stark reminder of the financial implications of cybersecurity. As APIs are integral to the digital economy, their vulnerability can directly impact a company's bottom line. The potential for data breaches and service interruptions can lead to direct costs such as fines, legal fees and compensation, as well as indirect costs like increased insurance premiums and investment in security upgrades.
From an investor's perspective, the security posture of a company is becoming an increasingly important factor in valuation. Companies that demonstrate resilience to cyber threats may be rewarded with higher investor confidence and potentially better stock market performance. On the other hand, those with weak security measures may see their market value erode in the event of an attack. It is important for investors to assess the cybersecurity strategies of companies within their portfolios, especially in high-risk sectors like commerce.
Furthermore, the regional data provided for the EMEA and APJ regions offers investors insight into geography-specific risks, enabling a more nuanced analysis of international operations and their potential vulnerabilities.
The prevalence of API attacks within the commerce sector has significant implications for IT infrastructure investments. As businesses increasingly rely on digital platforms to drive growth and customer engagement, the need for secure and scalable API infrastructures becomes paramount. The report highlights the necessity for organizations to not only invest in cybersecurity solutions but also to consider the architecture of their IT systems.
Businesses may need to re-evaluate their existing IT infrastructure to ensure it can withstand the evolving threat landscape. This includes adopting microservices architectures that can isolate and protect individual services, implementing API gateways for better management and security and ensuring compliance with industry standards and regulations. The report's focus on runtime challenges suggests that businesses should also invest in real-time monitoring and response systems to quickly address any security incidents.
The cost of such IT infrastructure upgrades can be significant, but the investment is justified by the need to protect against the financial and operational risks posed by API attacks. Companies that can effectively manage and secure their API environments are likely to experience fewer disruptions and maintain better customer trust, which is critical for long-term success in the digital economy.
Commerce is the most targeted sector with
APIs are vital to most organizations because they improve both employee and customer experiences. Unfortunately, cybercriminals have leveraged this digital innovation and the rapid expansion of the API economy to create new opportunities for exploitation. The new SOTI notes that these attacks will continue to spike as the demand for API use increases, and urges organizations to properly account for and secure their APIs.
This latest research analyzes some of the most common problem areas with regard to both posture and runtime challenges. It offers several case studies that underscore the real-world implications of API security for organizations and features breakout reports with data for the
Other key findings of the report include:
- Business logic abuse is a critical concern because it is challenging to detect abnormal API activity without establishing a baseline for API behavior. Organizations without solutions to monitor anomalies in their API activity are at risk of runtime attacks like data scraping — a new data breach vector that uses authenticated APIs to slowly scrape data from within.
- Attackers targeting APIs use tried-and-true methods like Local File Inclusion (LFI), Structured Query Language injection (SQLi), and Cross-Site Scripting (XSS) to infiltrate their targets.
- APIs are at the heart of most of today's digital transformations, so it is paramount to understand the industry trends and relevant use cases, such as loyalty fraud, abuse, authorization, and carding attacks.
- Organizations need to think about compliance requirements and emerging legislation early in their security strategy process to avoid the need to re-architect.
"APIs are increasingly critical to organizations but their security is often not designed into the capability, or the security team is not able to keep up with the rapid deployment of new technology," said Steve Winterfeld, Advisory CISO of Akamai. "Lurking in the Shadows: Attack Trends Shine Light on API Threats provides insights and visibility to help organizations leverage the best practices to protect customers."
This year marks the 10th anniversary of Akamai's State of the Internet (SOTI) reports. The SOTI series provides expert insights on the cloud security and web performance landscapes, based on data gathered from Akamai Connected Cloud.
About Akamai
Akamai powers and protects life online. Leading companies worldwide choose Akamai to build, deliver, and secure their digital experiences — helping billions of people live, work, and play every day. Akamai Connected Cloud, a massively distributed edge and cloud platform, puts apps and experiences closer to users and keeps threats farther away. Learn more about Akamai's cloud computing, security, and content delivery solutions at akamai.com and akamai.com/blog, or follow Akamai Technologies on X, formerly known as Twitter, and LinkedIn.
Contact
Jim Lubinskas
Akamai Media Relations
703.907.9103
jlubinsk@akamai.com
View original content to download multimedia: https://www.prnewswire.com/news-releases/akamai-research-finds-29-of-web-attacks-target-apis-302092424.html
SOURCE Akamai Technologies, Inc.