Be part of prime executives in San Francisco on July 11-12, to listen to how leaders are integrating and optimizing AI investments for achievement. Learn More
At the moment, utility safety supplier Data Theorem, introduced the discharge of a brand new report in partnership with TechTarget’s Enterprise Technique Group (ESG). ESG surveyed 397 respondents on cloud-native functions and API safety and located that 92% of organizations skilled not less than one API-related safety incident within the final 12 months.
The report, scheduled to launch on Could 5, additionally revealed that 57% skilled a number of API safety incidents, highlighting that many organizations nonetheless have much more to do to defend cloud-native functions and APIs in opposition to menace actors.
This comes simply months after a hacker used a Twitter API vulnerability shipped in June 2021 (now patched) to compile and leak the account particulars and e-mail addresses of 235 million customers in January 2023.
API safety incidents ‘no shock’
One of many key challenges unveiled by the analysis was the transient nature of the assault floor. As an example, 75% of organizations usually modified or up to date their APIs on a day by day or weekly foundation, creating new vulnerabilities within the assault floor for safety groups to confront.
“It’s no shock that almost all organizations are experiencing API-related safety incidents,” mentioned Melinda Marks, senior analyst for ESG within the announcement press launch.
“Fashionable improvement cycles convey quicker, extra frequent product releases and updates, and the rising variety of APIs that change on a day by day or weekly foundation make it crucial to handle the altering assault floor. This speedy price of change additionally creates shadow APIs and zombie APIs, which may be hackers’ favourite APIs to use as a result of organizations typically have no idea about them,” Marks mentioned.
Nevertheless, many organizations wish to tackle API safety by rising their spending over the following 12–18 months by investing in API safety instruments (45%), cloud-native utility safety platforms (CNAPPs) (43%), and integration utility safety and API safety instruments (41%).
CNAPPs and API safety instruments present automated help in discovering APIs and highlighting potential entry factors, giving defenders beneficial perception into find out how to harden their defenses in opposition to cyberattacks.