In its 2023 State of API Security Report, security company Traceable reported a sharp increase in API-related data breaches. The report is based on feedback from 1629 cybersecurity experts in over six major industries across the United States, the United Kingdom and the European Union.
Fully 58% of respondents either strongly agree or agree that APIs are expanding the attack surface across all layers of the technology stack, with fully 57% saying that traditional defensive measures are not capable of distinguishing “legitimate from fraudulent activity at the API layer.”
- 74% Reported at least 3 API-related data breaches in the past two years
- 48% of Organizations say API sprawl is their top challenge
- Just 38% can distinguish between vaild API activity, user behaviors, and data flow
- Organizations are managing an average of 127 third-party API connections
- Majority are not confident in WAF, WAAP or Lifecycle Management Tools to protect APIs
“34% of organizations feel uncertain about the efficacy of their tools like WAF and WAAP, rating them as moderately effective (scores of 5 or 6). Meanwhile, 23% rate theirs as less effective (scores of 1 to 4). Although 43% find their solutions more satisfactory (scores of 7 to 10), it underscores that over half aren’t fully confident in their API security measures” the report stated.
An expert with Approov offers comments:
The opinions expressed in this post belongs to the individual contributors and do not necessarily reflect the views of Information Security Buzz.