An industry-focused report on application programming interface (API) security reveals the perilous state of the financial services sector.
Specifically, Salt Security's 2023 report, The State of Financial Services and Insurance API Security, published July 19, 2023, reveals critical vulnerabilities and alarming API attacker activity in these industries.
Nearly 70% of financial services and insurance companies face deployment delays due to API security issues, according to new data. Also, 92% of them have experienced security issues with production APIs in the past year, and about 1 in 5 of them have suffered an API security breach.
Additionally, the findings highlight a rise in API attacker activity, with a 244% increase in unique attackers between H1 and H2 2022.
In particular, 84% of attacks against financial services and insurance originated from legitimate-looking “authenticated” users who were actually malicious actors. This suggests that security tools are under-equipped to prevent API attacks, a concern shared by 71% of respondents in finance and insurance.
“Salt Security’s findings highlight why enterprises need to not only monitor APIs for attacks, but also test for vulnerable code in APIs throughout the development lifecycle,” commented Scott Gerlach, co-founder and CSO of StackHawk.
“Many API vulnerabilities are logical in nature and should be done to find the problem at hand. It can only be achieved by
According to the report, API security is now a C-level issue for 56% of these companies, and 79% of CISOs believe it’s a higher priority than it was two years ago.
The survey findings also reveal a lack of preparedness in API protection, with 28% of respondents admitting that they do not currently have an API strategy. Additionally, 42% are unsure of identifying APIs that expose personally identifiable information (PII).
“[OWASP] first created its API Security Top 10 in 2019, and a new edition was released earlier this year, but overall, there is still a huge need for education, tools for both attackers and defenders, and standards and best practices on how to secure APIs,” said Georgia Weidman, security architect at Zimperium.
“The Salt Security Report clearly reflects that while the software and security industries have a lot to do in this area, bad actors are already working hard to capitalize on the lack of API security.”