Skip to main content

APIs are becoming a cybersecurity disaster zone

programming
(Image credit: Pixabay)
Audio player loading…

Web application program interfaces (APIs) are growing increasingly popular, causing all manner of cybersecurity problems in the process.

This is according to a new report from Noname Security, which surveyed 3,000 employees across 350 businesses about challenges associated with APIs.

The company found that APIs are extremely popular these days, with an average organization leveraging 15,564 APIs in total, up 201% year-on-year.

(opens in new tab)

Share your thoughts on Cybersecurity and get a free copy of the Hacker's Manual 2022 (opens in new tab). Help us find how businesses are preparing for the post-Covid world and the implications of these activities on their cybersecurity plans. Enter your email at the end of this survey (opens in new tab) to get the bookazine, worth $10.99/£10.99.

Security incidents

However, many companies are facing problems. More than two in five (41%) have had an API-related cybersecurity incident in the last twelve months, with almost two-thirds (63%) of those involving a data breach, or data loss.

For example, one of the biggest marketing automation platforms and email marketing services, MailChimp, was breached by attackers who also also accessed API keys (now defunct) from an unknown number of customers. 

With the keys, the attackers could create custom email campaigns and send them to mailing lists without accessing the MailChimp customer portal.

Almost all (90%) companies have API authentication policies set up, but a third (31%) said they weren’t exactly confident these policies provided an adequate level of protection.

What’s more, a third (35%) have had projects delayed due to API security concerns, with 87% of those believing that integrating API security testing into developer pipelines could have prevented the delays. 

Roughly half (51%) are fully confident in their API inventories, with a quarter (26%) adding that their inventory update processes are manual.

“With API usage continuing to grow, this extreme level of use and dependency has enabled many vulnerabilities to rise to the surface, making securing these APIs across sectors more paramount than ever,” said Daniel Kennedy, Principal Research Analyst at 451 Research. 

“This report should help enterprises of all sizes across various sectors make the informed decisions they need when developing their API security strategy.”

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.