"API Security Grows More Critical, Even as Organizations Lack Means to Address the Risk"
When enterprises migrate to the cloud, they become more reliant on Application Programming Interfaces (APIs) for core business operations. Most organizations have experienced at least one API-related attack in the last year, according to the findings of a recent CyberRisk Alliance (CRA) Business Intelligence survey of 250 IT and cybersecurity decision-makers. Leaders in IT and security have taken notice of this trend: API security has become more important in the last two years, as reported by 94 percent of organizations with APIs. The stakes are immeasurably high, as with any cybersecurity concern, from the financial costs of a data breach to meeting the growing demand for robust security from clients and business partners. Despite the fact that many organizations have various API standalone protection tools in place, respondents frequently regard these solutions as ineffective and incomplete, especially when it comes to tracking undocumented (rogue or shadow) APIs and expired (zombie) APIs. Although the CRA study discovered that API security has become more critical for virtually all organizations with APIs in the last two years, this shift in priority has not made addressing these concerns any easier. Many organizations, as with other aspects of cybersecurity, struggle to achieve the visibility, control, and resources required for optimal API protection. Just over half (58 percent) believe their organization's API security solution provides adequate protection against sophisticated bot or Distributed Denial-of-Service attacks (DDoS) attacks. Furthermore, nearly eight out of ten (79 percent) report that their organization has implemented an API security protection platform. While a plethora of API security tools provide various piecemeal solutions, according to CRA, the market for comprehensive, integrated API security platforms is still in its early stages in 2022. This article continues to discuss key findings from the CRA report regarding API security.