APIs function all through the digital world to assist cellular functions, allow cloud capabilities, energy GenAI instruments, and conduct invisible operations throughout each digital interplay. As the expansion of API utilization accelerates, Akamai’s 2024 API Safety Affect Report reveals that organizations discover it tough to align their safety efforts with the increasing threat area.
The third annual research by Akamai reveals that API incidents have developed from summary ideas into frequent occurrences that lead to monetary injury and human stress for safety professionals around the globe.
The Alarming Fact About API Safety
API safety incidents affected 84% of all companies up to now yr. Assaults are rising in quantity and inflicting extra vital monetary injury. API incidents in america now have a mean price of $591,404, with C-suite executives predicting that complete bills will attain $1 million.
The monetary prices signify just one a part of this case.
API incidents and different cyberattacks create vital stress for safety groups and might hurt a company’s popularity, in keeping with experiences from varied industries. To construct belief with their boards, stakeholders, and groups, CISOs and CIOs should shift their priorities to embody the complete API lifecycle and net utility administration.
Visibility Is Low, and Testing Stays Inadequate
API visibility has change into a major concern. Organizations’ API stock stays opaque, with solely 27% having a whole API stock able to figuring out their delicate information APIs, a lower from 40% final yr. Companies face safety dangers from APIs which can be tough to find and shield, together with shadow, rogue, zombie, and deprecated APIs.
Present testing strategies yield insufficient outcomes. The survey reveals that real-time testing happens occasionally amongst respondents. Actual-time testing serves as a vital safety measure in opposition to vulnerabilities; but solely 13% of respondents implement it. APIs stay uncovered to safety threats on account of inconsistent testing procedures between improvement and manufacturing phases.
API Safety Continues to Get Low Prioritization from Organizations
Regardless of its confirmed significance, API safety ranks ninth amongst organizational cybersecurity priorities for the upcoming yr. Safety groups are already totally burdened with detecting and defending in opposition to varied assaults, from ransomware to GenAI-driven threats, leaving little time for API safety. The hole between organizational priorities and precise each day operations permits API safety dangers to stay undetected.
APIs current varied safety challenges that have an effect on cloud infrastructure, assault floor administration, and information loss prevention. Organizations should handle this safety hole, because it poses a risk they will now not overlook.
What’s the Path Ahead?
The report gives actionable pointers for organizations to enhance their API safety posture maturity.
- Discovery: Organizations ought to set up automated API inventories and information classification as core ideas.
- Make investments: Organizations ought to put money into testing actions that embody pre-deployment assessments and ongoing manufacturing monitoring.
- Combine: Merging API-specific safety with Net Software and API Safety (WAAP) options provides organizations complete protection capabilities.
- Reply: To take care of a strong safety posture within the present risk atmosphere, organizations should conduct real-time detection, risk response, and post-incident forensic evaluation.
API safety has developed from an non-obligatory function to an important enterprise requirement. Organizations that fail to acknowledge the significance of API safety of their cybersecurity technique will face substantial monetary losses, operational disruptions, and everlasting injury to their popularity. The 2024 API Safety Affect Report from Akamai gives organizations with a exact plan to remodel their safety challenges into strategic benefits. Take quick motion in opposition to expensive breaches as an alternative of ready for them to occur.
Start your energetic API safety journey in the present day by downloading the total Akamai 2024 API Safety Affect Report by way of this hyperlink.
The content material supplied herein is for normal informational functions solely and shouldn’t be construed as authorized, regulatory, compliance, or cybersecurity recommendation. Organizations ought to seek the advice of their very own authorized, compliance, or cybersecurity professionals relating to particular obligations and threat administration methods. Whereas LevelBlue’s Managed Menace Detection and Response options are designed to assist risk detection and response on the endpoint stage, they don’t seem to be an alternative choice to complete community monitoring, vulnerability administration, or a full cybersecurity program.
