Attacks against APIs are increasing so enterprises should begin to take the security aspects of API adoption more seriously.
Application programming interfaces (APIs) connect different technological services and systems. They can process queries from clients, deal with instructions server-side, and facilitate the fetching and processing of data.
While function sets in APIs can be of real value to an enterprise market that is becoming more data-driven every year, they also represent an emerging cybersecurity issue for users – with API-based attacks and the continued adoption of cloud technologies.
According to the reports I found online and my experiance, about 90% of IT professionals say API security should be considered a priority in the next two years, especially as over 70% of enterprise firms are estimated to use at least 50 APIs in their daily operations.
However, finding a holistic approach to this ‘backbone’ of API security remains a challenge. Over 80% of organizations are estimated to either use or plan to use, a centralized management solution for API security – such as an API Management (APIM) platform – but only a third of respondents believe their API setups are adequately protected from today’s cyberattacks.
Other statistics of note I found include:
- 20% of enterprises test their APIs daily for signs of abuse
- 4 out of 5 organizations enable either partners or users to access data using external APIs
- The current focus of API strategies is centered around application performance (65%) and development and integration (50%)
- Shadow APIs are considered the most vulnerable
- 60% of current solutions do not provide robust API protection
Companies cited integrating API solutions with current systems and workflows and gaining visibility into overall API usage as the main barriers to improving API security.