APIs continue to multiply as cloud and mobile infrastructures continue to evolve.
The growing risk of API security is directly proportional to the increasing volume of APIs. Almost every application that we interact with is powered by an API. Security issues connected with the development and use of APIs will continue to proliferate as more and more APIs are implemented to keep pace with evolving cloud and mobile infrastructures.
API security is often overlooked and can lead to costly consequences. Imperva estimates that the average annual cost of API cyber-related losses is $12-23 billion annually in the US alone. Akamai estimates that 83% of all internet traffic is API-based. And a Q1 State of API Security by Salt Security, cites that 94% of organizations have experienced API security problems in the past year.
Managing the API attack surface is an arduous task and API exploitable vulnerabilities are an easy target for cybercriminals. Flaws in API logic are a hackers’ gold mine. Unsecured APIs act as a conduit for threat actors to gain access into underlying network systems and sensitive PII data and to laterally move through those network systems. Publicly exposed APIs that provide integrations for customers and partners are at high risk for exploitation.
Most organizations struggle with visibility into what APIs are connected to their networks and what data is flowing through them, especially within cloud environments. This begs the necessity for implementing best practices for securing APIs to protect critical data and network infrastructures.