Over the past twelve months, the number of API attacks increased by 681 percent. “It’s no surprise that attackers continue to be successful”, states Michael Isbitski, Technical Evangelist at Salt Security. “Traditional security measures are unable to protect against sophisticated attacks.”
Salt Security, the developer of an API security platform, analyses the state of API security through surveys and data points. In the past 12 months, the number of API attacks rose nearly sevenfold.
The organization expects the growth to continue. API traffic increased by more than 300 percent. That’s good news for cybercriminals, as the more APIs are used, the larger the attack surface becomes.
API attacks are the norm
95 percent of organizations surveyed struggled with an API security incident in the past year. More than half defend themselves with API Gateways. Just over a third opt for Web Application Firewalls. The problem is that both Web Application Firewalls and API Gateways do not provide sufficient protection.
Strong API security starts with an overview of all APIs in an environment. That overview is rarely present. One-third of organizations have no strategy for API security. Only 11 percent actively test APIs to deny malicious traffic.
Some organizations want to improve, but can’t find a way. When asked about their companies’ API programs, almost half cited security as the leading worry. At the same time, 35 percent find a lack of resources or expertise to be the top obstacle for implementing an optimal strategy. 20 percent struggle with budget constraints.