Snynet Solution Logo
MON - SUN: 10 AM - 6 PM
+60 11 5624 8319

Blog

APIs are becoming a cybersecurity disaster zone

Image Description

Web application program interfaces (APIs) are growing increasingly popular, causing all manner of cybersecurity problems in the process.

This is according to a new report from Noname Security, which surveyed 3,000 employees across 350 businesses about challenges associated with APIs.

The company found that APIs are extremely popular these days, with an average organization leveraging 15,564 APIs in total, up 201% year-on-year.

Security incidents

However, many companies are facing problems. More than two in five (41%) have had an API-related cybersecurity incident in the last twelve months, with almost two-thirds (63%) of those involving a data breach, or data loss.

For example, one of the biggest marketing automation platforms and email marketing services, MailChimp, was breached by attackers who also also accessed API keys (now defunct) from an unknown number of customers. 

With the keys, the attackers could create custom email campaigns and send them to mailing lists without accessing the MailChimp customer portal.

Almost all (90%) companies have API authentication policies set up, but a third (31%) said they weren’t exactly confident these policies provided an adequate level of protection.

What’s more, a third (35%) have had projects delayed due to API security concerns, with 87% of those believing that integrating API security testing into developer pipelines could have prevented the delays. 

Read more

> Cybercriminals have abused API keys to steal millions in crypto

> MailChimp breach exposes hundreds of customer accounts

> Thousands of mobile app cloud databases have been left exposed online

Roughly half (51%) are fully confident in their API inventories, with a quarter (26%) adding that their inventory update processes are manual.

“With API usage continuing to grow, this extreme level of use and dependency has enabled many vulnerabilities to rise to the surface, making securing these APIs across sectors more paramount than ever,” said Daniel Kennedy, Principal Research Analyst at 451 Research. 

“This report should help enterprises of all sizes across various sectors make the informed decisions they need when developing their API security strategy.”

Date

25 Apr 2022

Sources

Share

Other Blog

  • Microsoft wants to help fill thousands of cybersecurity jobs

    Software giant Microsoft has announced the launch of a national campaign to help train 250,000 people to boost the cybersecurity industry in the US.

    Announcing the news in a blog post, Microsoft President and Vice Chair Brad Smith said the four-year campaign looks to help fill a quarter-million jobs by the middle of the decade, with the nation’s public community colleges playing a key role.

    For its initial commitment, Microsoft will create a free cybersecurity curriculum available to all of the nation’s public community colleges. It will also provide training for new and existing faculty at 150 community colleges, and provide scholarships and supplemental resources to some 25,000 students.

    Cybersecurity jobs

    According to Smith, cybersecurity is a growing problem in the States, and could very well become a matter of national security. 

    “Foreign governments have tampered with the software supply chain, targeted on-premise servers, and hacked into sensitive government files,” he explains. “Criminal ransomware groups have attacked schools, penetrated hospitals, and shut down a critical national pipeline.”

    At the same time, the skills gap is only growing larger, making the problem that much more difficult to solve.

    “For almost every two cybersecurity jobs in the United States today, a third job is sitting empty because of a shortage of skilled people,” he continues. “Currently there are 464,200 open jobs in the United States that require cybersecurity skills. They account for 6% of all open jobs in the country.” 

    All in all, more than one out of every 20 open jobs in America today is a job that requires cybersecurity skills.

    To solve this problem, everyone needs to be involved, Microsoft believes, including nonprofits, tech industry giants, colleges, and universities. That’s why Smith believes community colleges will play a key role in tackling this growing problem: he believes they are diverse, flexible, affordable, effective, and present throughout the country.

    “We need to mobilize America’s community colleges and enlist them in the cybersecurity battle,” he concluded.

    You should also check out our list of the best firewalls right now

    Read More

  • You may never need to remember another Wi-Fi password again

    Chrome OS update looks to automatically sync Wi-Fi passwords between an individual’s Chromebook and Android device.

    Read More

  • New Intel Arc Alchemist GPU leak could be bad news for Nvidia

    Team Green could have a fight on its hands at the start of 2022, if this leak is to be believed.

    Read More

  • Post-pandemic responsibilities for a modern day CISO

    Businesses have been moving toward digital transformation for years, but COVID-19 has accelerated this movement.

    Read More

Find Out More About Us

Want to hire best people for your project? Look no further you came to the right place!

Contact Us