New research conducted at RSA Conference 2023 by Traceable AI found that while API security remains a top cybersecurity concern this year, there is still an alarming lack of implementation for most companies. The first annual study also revealed that companies are struggling with unchecked API sprawl, lack of clarity on who owns API security, and do not baseline behavior as part of their security capabilities.
With insights from more than 100 cybersecurity professionals, the study showed that though 69% of organizations claim to factor APIs into their cybersecurity strategy, 40% of companies do not have dedicated professionals or teams for API security, while 23% of respondents do not know if there is dedicated API security in their organization. While many organizations (61%) don’t think they have experienced an API attack in the last 12 months, an alarming 36% of respondents are unsure.
CIO INFLUENCE: CSI Adds IT Governance to Advisory Services Offering as Cybersecurity, Regulatory Landscapes Grow in Complexity
Additional highlights include:
- 40% of organizations do not have a dedicated API security professional or team.
- API security ownership remains fragmented between different teams, with 38% of respondents claiming the CISO owns it, while 25% claim Development and/or DevOps takes ownership; and 24% of respondents simply don’t know.
- The majority of respondents (66%) either struggle with API sprawl, or do not know if their company is managing API sprawl effectively.
- 40% of cybersecurity professionals’ companies don’t have an API security solution, and 29% are unsure if their organization is securing APIs at all.
- Among those who have adopted API security tools, 25% of professionals’ solutions can’t baseline API behavior and identify abnormal activity potentially indicative of an API attack; a staggering 50% of respondents were not sure if their API security solution had these capabilities.
CIO INFLUENCE: SEEQC Unveils Italy’s First Quantum Computing System
“With APIs being a universal attack vector and the cause of some of the biggest data breaches in recent years, it’s very concerning to find out that 40% of organizations do not have a dedicated API security professional or team to tackle this problem, with 23% unsure if they had a team at all. Equally concerning is that 40% of organizations do not have an API security solution in place,” said Richard Bird, Chief Security Officer at Traceable. “In the past, hackers had to devise strategies for getting around existing defenses in order to locate data and interfere with systems. Now, they can simply exploit an API and obtain access to sensitive data without even exploiting the other solutions in the security stack. This is why more organizations need to take API security seriously and make it an integral part of their broader cybersecurity strategy.”
During RSA,Traceable also continued its commitment to API security with the announcement of its Zero Trust API Access solution, the first-of-its-kind solution that actively reduces your attack surface by minimizing or eliminating implied and persistent trust for your APIs. The announcement followed the news that Zero Trust pioneer John Kindervag and “Dr. Zero Trust” Chase Cunningham have joined Traceable as advisors.
CIO INFLUENCE: HP Chooses RISE with SAP to Help Drive Digital Transformation, Optimization and Efficiency
[To share your insights with us, please write to sghosh@martechseries.com]
