Highlights:

  • 92% of organizations reported having encountered at least one API-related security incident in the previous 12 months, according to a survey by ESG of 397 respondents on cloud-native applications and API security.
  • Many businesses intend to increase their spending on API security tools (45%), cloud-native application protection platforms (CNAPPs) (43%), and integration application security and API security tools (41%) over the next 12 to 18 months.

Data Theorem, an application security provider, recently published a new report in collaboration with TechTarget’s Enterprise Strategy Group (ESG). 92% of organizations reported having encountered at least one API-related security incident in the previous 12 months, according to the survey of 397 respondents on cloud-native applications and API security.

The report's additional finding that 57% of respondents had multiple API security incidents shows that many organizations need to do much more to protect cloud-native applications and APIs from threat actors. The report is set to be released on May 5.

This happened shortly after a hacker compiled and leaked the account information and email addresses of 235 million users in January 2023 using a now-patched Twitter API vulnerability released in June 2021.

API Security Incidents Are ‘No Surprise’

The research highlighted the transient nature of the attack surface as one of the main issues. For example, 75% of businesses regularly modify or update their APIs, exposing security teams to new attack surfaces and vulnerabilities.

According to Melinda Marks, a Senior Analyst for ESG, “It’s no surprise that most organizations are experiencing API-related security incidents. Modern development cycles bring faster, more frequent product releases and updates, and the growing number of APIs that change on a daily or weekly basis make it imperative to address the changing attack surface. This rapid rate of change also creates shadow APIs and zombie APIs, which can be hackers’ favorite APIs to exploit because organizations often do not know about them.”

Nevertheless, many businesses intend to increase their spending on API security tools (45%), cloud-native application protection platforms (CNAPPs) (43%), and integration application security and API security tools (41%) over the next 12 to 18 months to address API security-related issues.

To help defenders harden their systems against cyberattacks, CNAPPs and API security tools automate the discovery of APIs and highlight potential entry points.