Attacks targeting application programming interfaces (APIs) have increased 400% in the last six months. The findings, from a new Salt Security report, also show that 80% of these attacks occurred via authenticated APIs.
of State of API Security Q1 Report 2023summarizes survey responses of 400 security professionals and API developers, 94% of respondents have experienced security issues with their production APIs in the past year, and 17% have experienced an API-related breach. experience is shown.
Due to the impact of these security issues, almost half (48%) of respondents say API security has become a C-level discussion within their organization.
Salt Security CEO Roey Eliyahu said:
According to executives, the use of APIs greatly contributes to the digital transformation of businesses.
“However, the cost of API breaches, such as those recently experienced by T-Mobile, Toyota and Optus, are jeopardizing both business operations as well as new services and brand reputation,” added Eliyahu. .
Read more about the T-Mobile breach here: API attacker steals data from 37 million T-Mobile customers
The report also revealed that API management has become a critical business issue. More than half of respondents (59%) say they need to delay new application deployments due to API security concerns. Only 23% of respondents said their existing security approaches were highly effective in preventing API attacks.
According to the report, 90% of the investigations conducted by Salt Labs found API security vulnerabilities, and 50% of the vulnerabilities found should be considered critical.
“As bad actors continue to find new and unexpected ways to attack APIs, organizations need to get serious about protecting these critical assets,” Eliyahu concluded. .
For more information on API attacks, see this analysis by PJ Bradley.
