By John Iwuozor
APIs are a powerful tool for organizations to build innovative products and services. Research has shown that over 90% of developers use APIs and 56% have reported that APIs help them to develop better products. However, this increase in demand means there is also an increase in risk.
API security is not a new problem. It’s something that organizations have been trying to tackle for years. But as cloud computing becomes ubiquitous, we are seeing an explosion in demand for secure APIs that provide reliable access to information from different sources over different networks (and even in real time). This means that there are many more potential points of entry for malicious actors looking to exploit vulnerabilities in your infrastructure or steal sensitive data through unconventional methods.
This article highlights and expands on 7 API security related statistics you should be aware of:
41% of organizations suffered API security incidents in the past year
A survey conducted in January 2022 has shown that APIs are increasingly leveraged with an average of 15,564 APIs in use. 41% of organizations who participated in this survey have had an API security incident in the past 12 months with 63% of them specifying that these incidents included data breaches.
APIs will become the leading attack vector by 2022
Gartner has predicted that API attacks are expected to overtake other attack types as the most prevalent one by 2022, leading to data breaches for enterprise web applications.
API attacks increased by 681% in the past year
A survey carried out by Salt Security pointed out that API attacks on respondents increased dramatically. With malicious API traffic rising by 681% compared to a 321% rise in total API traffic, 62% of survey participants agreed that their concerns about API security have slowed the implementation of a new application.
API exploits has increased by 286%
In a careful study carried out by a security research team, they were able to analyze 17,500 security reports to manually distinguish 193 API exploits. From the first to the second quarter of 2022, it went from 50 to 142 exploits each quarter. This indicated an almost threefold increase.
55.2% of organization use WAAP to protect their APIs
In a survey carried out on 203 individuals representing organizations of 1,000 employees or more from multiple industry verticals, 55.2% of organizations indicated that they make use of web application and API protection (WAAP) to protect their APIs. 52.2% indicated web application firewall (WAF), 46.3% indicated API gateway, 38.9% voted for vulnerability scanners (static, dynamic, interactive) in production, 37.9% for runtime application self-protection (RASP) and 18.2% for bot management.
90% of organizations have API authentication policies in place
90% of respondents in the 2022 API Security Trends Report said their firms have API authentication policies in place, but 31% had doubts about whether those policies ensured acceptable levels of authentication.
91% of IT professionals believe API security should be considered a priority
This report shows that 91% of IT experts believe that API security should be prioritized especially because over 70% of corporate firms are expected to employ more than 50 APIs. 8 out of 10 IT administrators desire more authority over the APIs used by their company.
API security is critical in every company’s overall security strategy
The above statistics have highlighted the fact that the implications of poor API security can be devastating as companies become more and more reliant on APIs.
One of the best ways to know if your APIs are secure is to test them as it’s crucial to the development process. It’s important that you do this early and often so you can detect any vulnerabilities before they become a problem.
By using API security tools, you get to improve your security posture and stay on top of threats as they emerge. These tools can track and analyze how many requests go through each endpoint over time and help identify the location of vulnerabilities within your system architecture.
There are some other best practices that could be leveraged such as:
- Setting rate limits: Setting rate limits is the one of the most effective techniques to stop malicious attacks on an API. The maximum number of times an API can be called is set by a rate limit. By putting a rate limit in place, excessive attacks can be effectively managed.
- Using authentication and authorization to manage API access: Make sure users have access to just authorized systems, and that they are who they claim to be.
- Verifying and validating the input: Never send endpoint input from an API without first verifying it.
- Limiting data exposure: When an API assigns the responsibility of data filtering to the user interface rather than the endpoint, too much information can be given away. By ensuring APIs only return the data required to carry out their intended function, and obfuscating secret data, your API security situation can be improved.
- Encouraging safe API development and design: For the purpose of establishing and integrating APIs, establish secure coding and configuration procedures.
This set of statistics demonstrates the significant challenge that organizations face while protecting their applications from security attacks. However, by employing the right practices, you’ll be able to protect against unauthorized access, build a secure API and enforce access control.
About the Author: John Iwuozor is a freelance tech writer with proven expertise in the tech niche. This includes Data Science, Artificial Intelligence, Machine Learning, Natural Language Processing (NLP), Computer Vision, Image Recognition, IoT, Programming Languages, SaaS, and Cybersecurity. He is also a regular writer at Bora.