Insecure APIs and Bot Attacks Cost Global Firms $186bn

Growing API adoption and a rise in AI-powered bot attacks are costing global organizations tens of billions of dollars annually, according to a new study from Thales.

The firm’s new Economic Impact of API and Bot Attacks report is based on analysis of 161,000 cybersecurity incidents by Thales business unit Imperva and the Marsh McLennan Cyber Risk Intelligence Center.

It claimed that the cost of insecure APIs has increased from $12bn in 2021 to $35-87bn today, while up to $116bn can be attributed to bot attacks. The average losses associated with bot and API threats combined are calculated at $94-186bn.

The report noted that rapid adoption of APIs, low levels of in-house know-how and poor communication between security and development teams are exacerbating the problem. Threat actors often use automated bots to probe for exposed, insecure and/or misconfigured APIs, it said.

APIs are a popular target as they can provide a direct pathway to sensitive enterprise and customer data.

The report also claimed that generative AI is helping even inexperienced threat actors to launch sophisticated bot attacks by enhancing evasion techniques.

Larger Companies in the Crosshairs

Thales revealed that companies with revenue of at least $100bn are most likely to suffer security incidents related to insecure APIs or bot attacks. These threats comprise 26% of all security incidents faced by such organizations, versus an average of 12%.

The reason is that bigger companies are more likely to have large, complex API ecosystems that contain exposed and insecure APIs. The average enterprise managed 613 API endpoints in production last year, according to the report.

“Reliance on APIs will continue to grow exponentially, driving connections to generative AI applications and large language models,” argued Nanhi Singh, general manager of application security at Imperva.

“At the same time, generative AI will also empower cybercriminals to create sophisticated bots at an accelerated and alarming rate. As API ecosystems expand and bots become more advanced, organizations should anticipate a significant rise in the economic impact of automated API abuse by bots unless proactive measures are taken.”

He added that the interconnected nature of the threat means organizations must integrate security strategies for both bot and API attacks.
