APIs Drive the Majority of Internet Traffic and Cybercriminals are Taking Advantage

March 19, 2024 at 01:12PM

APIs play a crucial role in digital modernization, with a majority of internet traffic attributed to API calls. The State of API Security in 2024 Report highlights the risks related to inadequate API management, particularly in the banking and online retail sectors. It emphasizes the need for continuous monitoring and robust security measures to protect against cyber threats.

Key Takeaways:

1. The State of API Security in 2024 Report from Imperva highlights the increasing volume of internet traffic passing through APIs, with 71% of internet traffic being API calls in 2023. The average enterprise site saw 1.5 billion API calls in the same year.

2. Despite best efforts to adopt shift-left frameworks and SDLC processes, many APIs are pushed into production before being cataloged, authenticated, or audited. Organizations have an average of 613 API endpoints in production, and this number is rapidly expanding.

3. APIs have become a common attack vector for cybercriminals, with a study finding that API-related security incidents cost global businesses as much as $75 billion annually.

4. Banking and online retail reported the highest volumes of API calls, making them prime targets for API-related attacks, particularly account takeover (ATO): attacks on API endpoints accounted for nearly half of all ATO attacks in 2023.

5. Mismanaged APIs, including shadow, deprecated, and unauthenticated APIs, pose significant security risks for organizations, with approximately 10% of APIs being vulnerable to attack due to mismanagement.

6. Imperva recommends several measures to mitigate API security risks, including regular audits to identify unmonitored or unauthenticated API endpoints, establishing a robust monitoring system for API endpoints, and adopting an integrated API security approach that includes Web Application Firewall (WAF), API Protection, Distributed Denial of Service (DDoS) prevention, and Bot Protection.
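One way to run the audit recommended in item 6 is to reconcile the API catalog against gateway access logs and flag the three mismanaged categories from item 5. This is an added example, not code from the Imperva report; the catalog, the four-field log format, and every path in it are constructed assumptions.

```python
import re
from collections import defaultdict

# Constructed catalog (assumption): path template -> lifecycle status.
CATALOG = {
    "/api/v2/accounts/{id}": "active",
    "/api/v2/login": "active",
    "/api/v1/accounts/{id}": "deprecated",
}
# Catalogued endpoints intentionally reachable without credentials.
PUBLIC = {"/api/v2/login"}

# Constructed gateway log: method, path, status, auth scheme ("-" = none).
SAMPLE_LOG = """\
GET /api/v2/accounts/1041 200 bearer
GET /api/v2/accounts/1042 200 bearer
POST /api/v2/login 200 -
GET /api/v1/accounts/1041 200 bearer
GET /api/internal/export 200 -
GET /api/v2/accounts/77 200 -
GET /api/v2/accounts/78 401 -
"""

def template_regex(template):
    # A "{name}" placeholder matches exactly one path segment.
    parts = re.split(r"\{[^/}]+\}", template)
    return re.compile("^" + "[^/]+".join(re.escape(p) for p in parts) + "$")

MATCHERS = [(template_regex(t), t) for t in CATALOG]

def audit(log_text):
    findings = defaultdict(set)
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 4:
            continue  # skip malformed lines
        method, path, status, auth = fields
        path = path.split("?", 1)[0]  # ignore the query string
        template = next((t for rx, t in MATCHERS if rx.match(path)), None)
        if template is None:
            findings["shadow"].add(path)  # live traffic, not in the catalog
        elif CATALOG[template] == "deprecated":
            findings["deprecated"].add(template)  # retired but still called
        # A 2xx answer to a request with no credentials on a non-public route.
        if status.startswith("2") and auth == "-" and template not in PUBLIC:
            findings["unauthenticated"].add(template or path)
    return {kind: sorted(paths) for kind, paths in findings.items()}

if __name__ == "__main__":
    print(audit(SAMPLE_LOG))
```

An endpoint can land in more than one category: the uncatalogued export route here is both shadow and unauthenticated, which is the combination to triage first.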

Overall, the report underscores the critical need for organizations to address API security risks as APIs continue to play a crucial role in digital modernization.
