Security News > 2023 > April > API security becoming C-level cybersecurity concern
Mani Sundaram, executive vice president and general manager of the security tech group at Akamai said, "Enterprises expose full business logic and process data via APIs, which, in a cloud-based economy, are vulnerable to cyberattacks. Neosec's platform and Akamai's application security portfolio will allow customers to gain visibility into all APIs, analyze their behavior and protect against API attacks."
One example illustrates how effective a relatively simple API attack can be: the NCC Group, in its 2022 annual Threat Monitor, noted that Australian telecom Optus had the personal information of 10 million customers exposed in a data breach accessed through an exposed API. Roey Eliyahu, co-founder and CEO, Salt Security noted that while APIs are powering digital transformation delivering new business opportunities and competitive advantages, "The cost of API breaches, such as those experienced recently at T-Mobile, Toyota and Optus, put both new services and brand reputation, in addition to business operations, at risk."
Because of the ubiquity of APIs as intermediaries in more and more cloud native transactions, Chokshi said he sees the API security market potentially becoming a security superset.
"It's becoming white hot, and lots of folks are trying to get involved in API security because there's a growing recognition that they are the number one attack vector," he said, noting that in 2022, Gartner had estimated that by last year, APIs would be the No. 1 attack vector.
Phillips, who said Noname employs a "Left of boom" approach - essentially shifting left to address API vulnerabilities before an incident makes them obvious - predicts there will be more consolidation that brings API security capabilities under the aegis of major players.
"There's enough recognition in the industry that API security is growing. APIs have been around for a long time but recognition of vulnerabilities hasn't. Attacks are increasing but the question becomes what's the impact? Is the pain of the attack enough to drive action?".
News URL
https://www.techrepublic.com/article/api-akamai-acquires-neosec/
Related news
- One-Third of UK Teachers Lack Cybersecurity Training, While 34% Experience Security Incidents (source)
- The dark side of API security (source)
- Product showcase: Shift API security left with StackHawk (source)
- A closer look at the 2023-2030 Australian Cyber Security Strategy (source)
- The ROI of Security Investments: How Cybersecurity Leaders Prove It (source)