A new report from Imperva Inc., reveals that API and bot attacks are costing businesses up to $186 billion annually as incidents surge. The report, titled “Economic Impact of API and Bot Attacks,” shares analysis of over 161,000 cybersecurity incidents. Conducted in conjunction with a study by the Marsh McLennan Cyber Risk Intelligence Center, the report highlights how large organizations with over $1 billion in revenue are two to three times more likely to experience automated API abuse by bots compared to smaller companies.
The report points to the sheer volume of APIs as a key vulnerability. On average, enterprises managed 613 API endpoints in 2022, exposing them to increasing risks as API ecosystems expand. Imperva Threat Research found that automated threats accounted for 30% of all API attacks in 2023, contributing to losses of up to $17.9 billion annually from API bot abuse.
Nanhi Singh, general manager of application security at Imperva, emphasized the urgency, stating, “It’s imperative that businesses across the world address the security risks posed by insecure APIs and bot attacks, or they face a substantial economic burden.” Singh warns that without proactive measures, the economic toll from these automated threats will continue to rise as API ecosystems grow and bots evolve.
George McGregor, VP, Approov Mobile Security had this to say:
“It would have been interesting to see specific analysis of the economic impact of mobile originating bots which are a growing threat to APIs. These are hard to stop using back-end security techniques because of a lack of visibility to contextual information about use of mobile apps and devices.
“Blocking mobile bots and botnets effectively requires methods that capture detailed information about the devices and apps which originate requests to APIs. Also, there is limited coverage of applying a Zero Trust approach to API security where every request is validated in real time using contextual information.”
With the amount of money that is lost due to bots, this is a today problem that needs to be addressed in a meaningful way and done so quickly. Because this is a problem that is only going to get worse.
Related
This entry was posted on September 18, 2024 at 3:57 pm and is filed under Commentary with tags Thales. You can follow any responses to this entry through the RSS 2.0 feed.
You can leave a response, or trackback from your own site.
API and Bot Attacks Cost Businesses $186 Billion Annually
A new report from Imperva Inc., reveals that API and bot attacks are costing businesses up to $186 billion annually as incidents surge. The report, titled “Economic Impact of API and Bot Attacks,” shares analysis of over 161,000 cybersecurity incidents. Conducted in conjunction with a study by the Marsh McLennan Cyber Risk Intelligence Center, the report highlights how large organizations with over $1 billion in revenue are two to three times more likely to experience automated API abuse by bots compared to smaller companies.
The report points to the sheer volume of APIs as a key vulnerability. On average, enterprises managed 613 API endpoints in 2022, exposing them to increasing risks as API ecosystems expand. Imperva Threat Research found that automated threats accounted for 30% of all API attacks in 2023, contributing to losses of up to $17.9 billion annually from API bot abuse.
Nanhi Singh, general manager of application security at Imperva, emphasized the urgency, stating, “It’s imperative that businesses across the world address the security risks posed by insecure APIs and bot attacks, or they face a substantial economic burden.” Singh warns that without proactive measures, the economic toll from these automated threats will continue to rise as API ecosystems grow and bots evolve.
George McGregor, VP, Approov Mobile Security had this to say:
“It would have been interesting to see specific analysis of the economic impact of mobile originating bots which are a growing threat to APIs. These are hard to stop using back-end security techniques because of a lack of visibility to contextual information about use of mobile apps and devices.
“Blocking mobile bots and botnets effectively requires methods that capture detailed information about the devices and apps which originate requests to APIs. Also, there is limited coverage of applying a Zero Trust approach to API security where every request is validated in real time using contextual information.”
With the amount of money that is lost due to bots, this is a today problem that needs to be addressed in a meaningful way and done so quickly. Because this is a problem that is only going to get worse.
Share this:
Like this:
Related
This entry was posted on September 18, 2024 at 3:57 pm and is filed under Commentary with tags Thales. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.