Rampant API Growth Causing Cybersecurity Risks for Businesses
- None.
- None.
Insights
The survey results indicating a widespread recognition of the cybersecurity risks associated with APIs, yet a notable lack of investment in advanced security measures, underscores a significant disconnect within organizational priorities. It is evident that while decision-makers are aware of the potential threats, the allocation of resources does not align with the perceived risk. This could be due to a variety of factors, including budget constraints and a shortage of specialized knowledge in the field of cybersecurity.
The acknowledgment that 95% of respondents have experienced API security problems within the last year is a concerning statistic. This high incidence rate highlights the critical need for organizations to reassess their cybersecurity strategies and invest in robust API security to safeguard against account takeover attacks which could lead to operational disruptions and severe reputational damage. The delay in the rollout or integration of new applications due to security concerns further emphasizes the operational impact of inadequate API security measures.
From a financial perspective, the survey results may raise red flags for investors in companies within the cybersecurity sector, as well as those in industries heavily reliant on APIs. The reported lack of action on API security could indicate a potential risk for future financial losses due to cyberattacks. This is particularly pertinent for the financial services sector, which the survey suggests is lagging in urgency to address these risks.
Investors might consider the long-term implications of cybersecurity on a company's financial health. Companies that proactively address API security concerns could mitigate the risk of costly breaches and the associated fallout, which can include regulatory fines, legal fees and loss of customer trust. Conversely, companies that fail to invest in adequate security measures may face significant financial and reputational repercussions, which could negatively impact their stock performance.
From a risk management standpoint, the survey's insights point to a troubling trend where the recognition of risk does not translate into proactive measures to mitigate it. The reasons cited, such as 'insufficient budget' and a 'lack of expertise', suggest that organizations may be underestimating the potential cost of API-related cyber incidents. A comprehensive risk assessment should factor in not only the probability of cyberattacks but also the potential severity of their impact.
Organizations should consider the integration of single provider security solutions and AI as a means to streamline and enhance their cybersecurity posture. The adoption of such technologies could provide a more efficient and cost-effective approach to API security, potentially overcoming the budget and expertise hurdles that currently impede action.
- Fastly survey reveals that 9 out of 10 decision-makers know that APIs are a trojan horse for cyber-attacks - but most don’t invest in advanced security
-
UK is marginally ahead of the pack - but financial services sector shows a lack of urgency over the risk of reputationally-damaging cyber breaches - Single provider security solutions and AI could provide answers
Lack of advanced API security endemic
The ubiquity of APIs means they have become one of cybercriminals’ favourite gateways for account takeover attacks. In a recent survey by Fastly,
The lack of action on API breaches comes despite the vast majority of decision-makers knowing there is a problem.
Risk of operational and reputational damage
Jay Coley, Senior Security Architect at Fastly, said: “The results of our survey show that decision-makers know that increased reliance on APIs creates a risk of serious cyberattacks. But so far they are not doing enough about it. This is surprising given that the operational and reputational cost of a breach far outweighs the price of deploying a consolidated web application and API security solution from a single provider.”
Key areas of concern
Asked which attributes of an API security platform would be the most important to their company, respondents said number one would be identifying which APIs expose personal or sensitive data (
In Fastly’s experience, credential stuffing, business logic abuse, and DDoS attacks are just a few of the malicious automated bot attacks that are being deployed to take over accounts and perpetrate identity theft and fraud. Readily available scripts and tools make orchestrating API attacks easier than ever, and legacy bot defence techniques struggle to detect these potentially devastating incursions.
AI security solutions untapped – but coming
One solution to the complexity of the API landscape could be a new generation of AI-powered cybersecurity systems, but Fastly found there is currently little enthusiasm for this. Only
Sector-based and regional variations
One concerning aspect of Fastly’s survey is that heavily-regulated sectors dealing with sensitive data are some of the worst culprits when it comes to API inaction. Only
In terms of regional variations, the importance of API security was rated highly in the
One intriguing insight is the gulf in attitudes within company hierarchies.
To read the full report and understand how businesses can help establish a secure digital environment, visit https://learn.fastly.com/api-security-study-24.html.
About the research
This research surveyed 235 key IT and cybersecurity decision-makers in large organisations spanning multiple industries across the
About Fastly
Fastly’s powerful and programmable edge cloud platform helps the world’s top brands deliver some of the best online experiences possible through edge compute, delivery, security, and observability offerings improving site performance, enhancing security, and empowering innovation at global scale. Compared to legacy providers, Fastly’s powerful and modern network architecture is one of the fastest on the planet, empowering developers to deliver secure websites and apps with rapid time-to-market and industry-leading cost savings. Organisations around the world trust Fastly to help them upgrade the internet experience, including Reddit, Wendy’s, Stripe, Neiman Marcus, Universal Music Group, SeatGeek, and Advance Publications. Learn more about Fastly at https://www.fastly.com, and follow us @fastly.
Source: Fastly, Inc.
View source version on businesswire.com: https://www.businesswire.com/news/home/20240320654923/en/
Media Contact:
Alex Klepel
press@fastly.com
Investor Contact:
Vernon Essi, Jr.
ir@fastly.com
Source: Fastly, Inc.
FAQ
What did the Fastly survey of 235 IT and cybersecurity decision-makers reveal?
How many decision-makers surveyed by Fastly had experienced API security problems in the last twelve months?
What were the commonly stated reasons for the lack of action on API breaches according to the survey?
Who is the Senior Security Architect at Fastly mentioned in the PR?