Security researchers suggest that more than a quarter (28%) of all cyberattacks in the UK have hit the financial services and insurance (FSI) industry in the last 12 months.
The data, provided via email from the Imperva cybersecurity team, also states that application programming interface (API) attacks, malicious bots and DDoS attacks were the top three security challenges in the industry last year. .
“The scale of the shadow API problem should be a concern for all businesses,” he said. Imperva.
According to executives, the notion that one-third of traffic is unmonitored indicates that organizations urgently need to revise their API protection strategies.
“Because APIs connect directly to the data layer, companies should view API security as an extension of their data security strategy,” added Zollo. “Every organization needs complete visibility into every API in their environment, knowing what data is flowing through each and who is accessing it.”
The claim comes nearly four years after open banking began demanding banks and other FSI businesses. Enable third party providers Access customer bank data via API.
According to Imperva, this has not only dramatically increased the amount of sensitive financial data these entities exchange, but also the number of APIs used in the FSI industry.
“The scale of unmonitored API traffic is significantly higher than other industries. This is because the FSI companies’ implementation of open banking standards inadvertently poses significant security threats to the industry as a whole. ,” the report said.
In terms of “malicious bots,” Imperva said these automated malicious software applications accounted for more than a quarter (27%) of all traffic to financial businesses last year. Did.
Account Takeover (ATO) attempts also heavily targeted the FSI industry, with about 40% of all ATOs attacking financial websites.
For more information on threats related to API usage, This article By security writer PJ Bradley.
