Security News > 2023 > May > The fragmented nature of API security ownership
While API security remains a top cybersecurity concern this year, there is still an alarming lack of implementation for most companies, according to Traceable AI. Companies overlook API security.
With insights from more than 100 cybersecurity professionals, the study showed that though 69% of organizations claim to factor APIs into their cybersecurity strategy, 40% of companies do not have dedicated professionals or teams for API security, while 23% of respondents do not know if there is dedicated API security in their organization.
API security ownership remains fragmented between different teams, with 38% of respondents claiming the CISO owns it, while 25% claim Development and/or DevOps takes ownership; and 24% of respondents simply don't know.
Among those who have adopted API security tools, 25% of professionals' solutions can't baseline API behavior and identify abnormal activity potentially indicative of an API attack; 50% of respondents were unsure if their API security solution had these capabilities.
"With APIs being a universal attack vector and the cause of some of the biggest data breaches in recent years, it's very concerning to find out that 40% of organizations do not have a dedicated API security professional or team to tackle this problem, with 23% unsure if they had a team at all. Equally concerning is that 40% of organizations do not have an API security solution in place," said Richard Bird, CSO at Traceable.
"In the past, hackers had to devise strategies for getting around existing defenses in order to locate data and interfere with systems. Now, they can simply exploit an API and obtain access to sensitive data without even exploiting the other solutions in the security stack. This is why more organizations need to take API security seriously and make it an integral part of their broader cybersecurity strategy," concluded Bird.
News URL
https://www.helpnetsecurity.com/2023/05/23/api-security-concern/