"Quarter of Firms Suffer an API-Related Breach"

In a new study conducted by researchers at Salt Security, 250 respondents were pooled across various job responsibilities, industries, and company sizes globally to compile a new report titled "State of API Security Report 2024." The researchers found that digital transformation projects appear to be accelerating faster than organizations' efforts to secure them, with nearly a quarter (23%) admitting they suffered a breach via production APIs last year.  The researchers noted that aside from breaches, almost all (95%) respondents claimed to have encountered API security problems over the previous 12 months, including vulnerabilities (37%), sensitive data exposure (38%), authentication problems (38%), denial of service (21%) and account misuse (24%).  The researchers believe that part of the problem is the rate at which APIs are increasing in these organizations.  The researchers revealed a 167% increase in API counts over the past 12 months, with two-thirds (66%) of respondents claiming to manage more than 100.  Yet, they are not stepping up security to manage this expanding attack surface.  Only 8% of responding companies consider their API security strategy to be "advanced," and nearly two-fifths (37%) don't have one in place at all.  Just 58% have processes in place to discover all the APIs in their environment.  That's despite nearly half (46%) claiming API security is a C-level discussion within their organization.  The researchers also found that just a fifth (21%) of respondents claimed their current API security approaches, like web app firewalls and API gateways, are effective in protecting against attacks.  Most participants (70%) highlighted "zombie" APIs as a great or strong concern, up from 54% in 2023.

Infosecurity Magazine reports: "Quarter of Firms Suffer an API-Related Breach"