A recent study by Salt Security has highlighted significant security issues with production APIs in organizations, leading to breaches and a lack of advanced API security programs.

Description

The study revealed that 95% of organizations have faced security issues with their production APIs, resulting in breaches for 23% of them. There has been a 167% increase in the number of APIs within organizations over the past year. However, only 7.5% of organizations consider their API security programs to be ‘advanced’ [2] [3] [4] [5] [6] [7] [8] [9], and 37% do not have an active API security strategy in place [2]. Concerns are rising over “zombie” APIs [1], with 70% of respondents highlighting them as a significant concern [2] [4]. Over a third of organizations update their APIs at least once a week [2], indicating a need for more efficient security measures. The study emphasizes the lack of maturity in API security and posture governance in many organizations [6], leading to an increase in API security incidents and attack traffic [4] [6] [8]. API security incidents have more than doubled in the past year [2] [4] [8], with 37% of organizations reporting incidents. Organizations are encouraged to adopt a more sophisticated approach to API security [2], including strong API discovery capabilities and a posture governance strategy [2] [5] [9].

Conclusion

The findings of the study underscore the urgent need for organizations to enhance their API security measures to mitigate the increasing risks of security breaches. By implementing stronger API discovery capabilities and a posture governance strategy [2] [5] [9], organizations can better protect their APIs and safeguard against potential security incidents in the future.

References

[1] https://www.infosecurity-magazine.com/news/quarter-firms-suffer-api-related/
[2] https://betanews.com/2024/06/18/security-problems-driven-by-increased-api-usage/
[3] https://vmblog.com/archive/2024/06/18/salt-security-state-of-api-security-report-reveals-95-of-respondents-experienced-api-security-problems-driven-by-accelerated-api-usage.aspx
[4] https://www.securityinfowatch.com/cybersecurity/press-release/55089696/salt-security-salt-security-releases-2024-state-of-api-security-report
[5] https://finance.yahoo.com/news/salt-security-state-api-security-120000539.html
[6] https://tiinside.com.br/18/06/2024/95-das-empresas-enfrentam-problemas-de-seguranca-com-apis-apura-novo-relatorio/
[7] https://cioinfluence.com/security/salt-security-state-of-api-security-report-reveals-95-of-respondents-experienced-api-security-problems-driven-by-accelerated-api-usage/
[8] https://salt.security/press-releases/salt-security-state-of-api-security-report-reveals-95-of-respondents-experienced-api-security-problems-driven-by-accelerated-api-usage
[9] https://www.prnewswire.com/news-releases/salt-security-state-of-api-security-report-reveals-95-of-respondents-experienced-api-security-problems-driven-by-accelerated-api-usage-302174946.html