The growing threat landscape is posing questions for CISOs and other security professionals. How do they prepare their environment and secure the growing number of APIs?

APIs are at the heart of digital transformation initiatives. Organisations depend upon them to evolve their digital strategies, innovate, and grow. Effectively, APIs enable applications, containers, and microservices to exchange data and information quickly, so consumers experience more convenience on their digital devices and when using online services. However, they are also an increasingly common attack vector for cybercriminals. Why? Because they’re a pathway for hackers to access vast amounts of sensitive data.

According to IBM’s 2022 Cost of a Data Breach Report, the average costs increased to USD 4.35 million in 2022, climbing 12.7% from USD 3.86 million in the 2020 report. Additionally, a stunning 83% of organisations surveyed reported having suffered more than one data breach. This means there will be even more need for comprehensive threat intelligence, monitoring, and alert detection solutions in place, including more robust API security solutions.

In September 2022, we commissioned research to understand how CISOs and senior cybersecurity professionals are approaching the challenge of securing their APIs in this intense and complex threat environment. We surveyed 600 senior cybersecurity professionals in the UK and USA. Within this cohort, there was a mix of CISOs, CIOs, CTOs, senior security professionals and AppSec professionals. They came from various industry verticals, including Retail & eCommerce, Financial Services, Government & Public Sector, Manufacturing and Energy & Utilities.

A Disconnect Around What is Happening in the Real World

We found a clear disconnect between what is happening in the real world and organisational attitudes towards API security. There was a level of misplaced confidence around API security. One which was disproportionately high in comparison to the number and severity of API-related breaches. This points to the need for further education by Security, AppSec, and Development teams around the realities of API security.

- Ineffective monitoring of the API environment.
- Ineffective or low levels of testing of the API environment.

Worse, there was a level of over-confidence that their tools and providers were preventing attacks. The responses also highlighted notable variations in how different roles view their security operations and API security. Delving into the responses from the different job functions surveyed, we found that CISOs were most likely to say they have experienced an API incident (81%), and AppSecs were least likely, with 53%. The above was reaffirmed by the Google Cloud 2022 API Security research report, which described there being “a gap between the existence of security incidents and confidence that the tools are doing the job”.

Disparities Across Different Job Functions

Again, there were also disparities across the different job functions and what respondents considered to be the top API attack approaches. There is an indication that attacks are coming from all sides with no one approach dominating. CIOs (19%) and Senior Security Professionals (21%) cited Network Firewalls, CISOs said Dormant/Zombie APIs (23%), CTOs felt that DDoS was the top attack type (21%), while AppSec teams said Authorisation Vulnerabilities (24%).

In terms of visibility into their API inventories, CIOs appeared to have the best visibility around which APIs returned sensitive data. Surprisingly, AppSec teams had the lowest insights, with 44% saying they only had a partial understanding of their inventory and of APIs which returned sensitive data.