Security News > 2021 > February > 91% of enterprise pros experienced an API security incident in 2020
Experts have long worried about the security risks associated with the widespread use of APIs, with Gartner writing in a report that by 2022, API abuse will become the most common attack seen by security teams.
Salt Security's "The State of API Security - Q1 2021" confirms many of those fears, finding that of the nearly 200 enterprise security officials surveyed, 91% experienced an API security incident last year.
While small, the percentage of malicious traffic went from 0.45% of all customers' API traffic to 1.40%. "The vast majority of organizations are experiencing API security problems, few have the tools needed to cope, and most have had to delay innovation as a result," Salt Security's researchers wrote in the study.
The study notes that all customers of the security company have seen attacks that were able to get past WAFs and API gateways yet more than half of the respondents in the survey said they use alerts from WAFs or API gateways to identify API attacks.
The report said API documentation is often missing, incomplete, or inaccurate and found that 83% of respondents "Lack confidence in their API inventory." Among Salt Security's customers, it was common to find eight times the number of APIs that the enterprise had on record.
"We compiled the industry's first State of API Security Report to better understand the enterprise experience of APIs today," Eliyahu added.