Snynet Solution Logo
MON - SUN: 10 AM - 6 PM
+60 11 5624 8319

Blog

APIs are becoming a cybersecurity disaster zone

Image Description

Web application program interfaces (APIs) are growing increasingly popular, causing all manner of cybersecurity problems in the process.

This is according to a new report from Noname Security, which surveyed 3,000 employees across 350 businesses about challenges associated with APIs.

The company found that APIs are extremely popular these days, with an average organization leveraging 15,564 APIs in total, up 201% year-on-year.

Security incidents

However, many companies are facing problems. More than two in five (41%) have had an API-related cybersecurity incident in the last twelve months, with almost two-thirds (63%) of those involving a data breach, or data loss.

For example, one of the biggest marketing automation platforms and email marketing services, MailChimp, was breached by attackers who also also accessed API keys (now defunct) from an unknown number of customers. 

With the keys, the attackers could create custom email campaigns and send them to mailing lists without accessing the MailChimp customer portal.

Almost all (90%) companies have API authentication policies set up, but a third (31%) said they weren’t exactly confident these policies provided an adequate level of protection.

What’s more, a third (35%) have had projects delayed due to API security concerns, with 87% of those believing that integrating API security testing into developer pipelines could have prevented the delays. 

Read more

> Cybercriminals have abused API keys to steal millions in crypto

> MailChimp breach exposes hundreds of customer accounts

> Thousands of mobile app cloud databases have been left exposed online

Roughly half (51%) are fully confident in their API inventories, with a quarter (26%) adding that their inventory update processes are manual.

“With API usage continuing to grow, this extreme level of use and dependency has enabled many vulnerabilities to rise to the surface, making securing these APIs across sectors more paramount than ever,” said Daniel Kennedy, Principal Research Analyst at 451 Research. 

“This report should help enterprises of all sizes across various sectors make the informed decisions they need when developing their API security strategy.”

Date

25 Apr 2022

Sources

Share

Other Blog

  • Row with Google: Indian startup founders in no mood to relent

    A team of high profile founders in the Indian startup universe met the antitrust regulator to highlight Google's monopoly in the app ecosystem.

    Read More

  • Micron wants to kill hard disk drives with new super cheap flash memory

    176-layer NAND delivers a 37% improvement on current technology.

    Read More

  • Google Chrome is getting a long-overdue data privacy upgrade

    Google has announced that it has reconfigured the Privacy and Security settings in its latest Chrome beta release in a bid to streamline the ability to delete data stored by websites.

    Google claims the move will enable users of the web browser to better understand and manage their privacy on the web by providing more clarity on controlling a site’s storage settings.

    Starting with the Chrome 97 Beta release, the Privacy and Security settings page has been redesigned to enable users to delete all data stored by an individual site with a single click.

    TechRadar needs you!

    We're looking at how our readers use VPNs with streaming sites like Netflix so we can improve our content and offer better advice. This survey won't take more than 60 seconds of your time, and we'd hugely appreciate if you'd share your experiences with us.

    >> Click here to start the survey in a new window

    Granularity for developers

    At the same time, Google has announced that it is moving the ability to delete individual cookies into DevTools. 

    It contends that thanks to this rearrangement, the ability to delete individual cookies will remain accessible for web developers who are the intended audience for this level of granularity.

    Google further adds that the change will create a “clearer experience for users,” since most visit the settings page to zap all cookies rather than individual ones. In fact, moving away the ability to remove individual cookies will help reduce the likelihood of accidentally breaking a website.

    “We believe that simplifying the granular controls from Settings creates a clearer experience for users. By providing users the ability to delete individual cookies, they can accidentally change the implementation details of the site and potentially break their experience on that site, which can be difficult to predict,” explains Google.

    It adds that the granular control over the cookies was a feature that was primarily designed for and used by developers, which makes DevTools the natural home for the functionality, where they will “continue to gain access to more technical detail on a per-cookie or per-storage level as needed.”

    If you are concerned about online privacy, use one of the best business VPN services

    Read More

  • This Dell XPS 13 deal drops the price to just $679.99

    Dell XPS 13 deals are dropping even further in price this week, down to the cheapest we've seen them go for yet.

    Read More

Find Out More About Us

Want to hire best people for your project? Look no further you came to the right place!

Contact Us