A vast majority of security leaders are aware that application programmable interfaces (APIs) have become a worrying attack vector. Yet, in a new study, cloud computing service provider Fastly found that most don’t invest in advanced security to protect them.
With organizations increasingly relying on multi-cloud environments, APIs have become key assets. They allow applications and services to communicate with each other and via cloud services.
During Infosecurity’s Spring 2024 Online Summit, Confidence Staveley, founder of MerkleFence and author of the book API Security for White Hat Hackers, called APIs “the waiters of the internet” – taking the user's order and acting as the intermediary for delivery.
Watch: Securing APIs in the Cloud Frontier
API Security Incidents, Frequent and Impactful
Therefore, API security incidents can be very damaging for organizations. Security leaders are aware of the potential impact this can have on their organizations, with 79% of the companies surveyed by Fastly placing a high or very high level of importance on API security.
Additionally, API security issues are persistent. Over nine out of 10 (95%) respondents said they have experienced API security problems in the last twelve months. Over three quarters (79%) have even delayed the rollout or integration of a new application due to API security concerns.
Lack of Budget and Skills Leads to Insufficient API Security Measures
This high level of concern has not yet translated into action, as 84% of respondents admitted to not having advanced API security in place.
The most common reasons for this were ‘insufficient budget’ and a ‘lack of expertise.’
Jay Coley, Senior Security Architect at Fastly, commented: “The results of our wide-ranging survey show that decision-makers know that increased reliance on APIs creates a risk of serious cyberattacks. But so far they are not doing enough about it.
“This is surprising given that the operational and reputational cost of a breach far outweighs the price of deploying a consolidated web application and API security solution from a single provider.”
Can AI Fill the API Security Gap?
In the study, Fastly argued that one solution to better secure the complex API landscape on a limited budget “could be a new generation of AI-powered cybersecurity systems, but Fastly found there is currently little enthusiasm for this. Only 14% of companies surveyed regarded the use of AI technologies in API security as a priority.”
“That said, 58% anticipate that generative AI will have a ‘large or very large’ impact on API security over a window of approximately 2-3 years.”
The results of this study come from a survey of 235 key IT and cybersecurity decision-makers in large organizations across multiple industries in the UK, France, Spain, the Nordics, and the DACH region.