Nine In 10 Enterprises Had An API Security Incident In 2020: F5

F5’s new report “Continuous API Sprawl: Challenges and Opportunities in an API-Driven Economy” exposes security threats posed by the global proliferation of APIs. It cites sectors such as retail and financial services, and notes more generally that: “More than nine out of ten of enterprises experienced an API security incident in 2020. Every API thus becomes a point on the security perimeter that can be potentially compromised if not properly architected or protected.”
“The number of APIs by 2030 will be in the 100s of millions, making it a significant scalability, manageability, and security challenge for our customers and the industry. It does not matter what parameters of the model we tweak; API sprawl will be a global problem. Discovery, networking, integration, and security are set to become significant challenges for the entire Dev and Ops ecosystem.” “APIs are prone to fraud and malicious behavior. External APIs must be validated continuously for trust, and internal API keys can be compromised, giving attackers access to critical infrastructure. If data is the new oil, then APIs could unfortunately become the new plastic, with byproducts wreaking havoc on the ecosystem.”
George McGregor, VP at Approov and an API security expert, offers a third-party perspective:
“The report does discuss the issue of “secrets sprawl”, highlighting how secrets such as API keys are often exposed when spread across a distributed infrastructure. It only takes one such key to allow an attacker to access illicitly an application service through an API and gain access to critical infrastructure. However, the report does not fully explore how the exploitation of such stolen secrets can actually be blocked in real-time. Such solutions do exist and should be evaluated by anyone who wants to take API security seriously.”
This is going to become a huge issue, if it isn’t already, so companies need to come to grips with it quickly.
UPDATE: I got additional commentary from Giora Engel, CEO and Cofounder, Neosec:
“APIs are the building blocks of digital transformation and quickly become the main asset that security teams need to focus on, to protect the business. Discovering APIs is a first critical step, but the real security value comes from analyzing the security posture and being able to Detect & Respond to protect critical business logic.”
This entry was posted on November 4, 2021 at 2:56 pm and is filed under Commentary with tags Security.