Security News

API tools and services are fueling revenue growth
2023-07-07 03:30

As more companies recognize APIs as the building blocks of modern software, API tools and services are evolving to meet their needs, according to Postman. "More companies are adopting an API-first approach to software development, and for the second year in a row, outperforming organizations that haven't. Beyond the technical advantages, organizations are also seeing a direct impact on their bottom line, reporting their APIs as revenue generators. This outlook, combined with the rising use of AI tools, is fundamentally changing our relationship to software and the way we build it - and APIs are at the center of this shift," said Abhinav Asthana, CEO of Postman.

JumpCloud resets admin API keys amid ‘ongoing incident’
2023-07-06 10:23

As a caution, the company has invalidated existing admin API keys to protect its customer organizations. The reader in question is among JumpCloud customers who received an email today from the firm stating that existing admin API keys had been invalidated while JumpCloud investigates an "Ongoing incident."

Webinar - Mastering API Security: Understanding Your True Attack Surface
2023-06-13 10:50

How? APIs, of course! More formally known as application programming interfaces, API calls are growing twice as fast as HTML traffic, making APIs an ideal candidate for new security solutions aimed at protecting customer data, according to Cloudflare. According to the "Quantifying the Cost of API Insecurity" report, US businesses incurred upwards of $23 billion in losses from API-related breaches in 2022.

How to Improve Your API Security Posture
2023-06-08 11:28

It's essential to have a robust API security posture to protect your organization from potential threats. API posture management refers to the process of monitoring and managing the security posture of your APIs.

Honda API flaws exposed customer data, dealer panels, internal docs
2023-06-07 20:10

Honda's e-commerce platform for power equipment, marine, lawn & garden, was vulnerable to unauthorized access by anyone due to API flaws that allow password reset for any account. For Honda, Eaton Works exploited a password reset API to reset the password of valuable accounts and then enjoy unrestricted admin-level data access on the firm's network.

The root causes of API incidents and data breaches
2023-05-30 04:30

API calls make up the majority of our digital lives. Take, for example, the everyday use of a cloud-based food delivery app, which could involve up to 25 API calls.

The fragmented nature of API security ownership
2023-05-23 03:30

While API security remains a top cybersecurity concern this year, there is still an alarming lack of implementation for most companies, according to Traceable AI. Companies overlook API security. With insights from more than 100 cybersecurity professionals, the study showed that though 69% of organizations claim to factor APIs into their cybersecurity strategy, 40% of companies do not have dedicated professionals or teams for API security, while 23% of respondents do not know if there is dedicated API security in their organization.

Are Your APIs Leaking Sensitive Data?
2023-05-22 11:12

Hackers are increasingly exploiting APIs to gain access to and exfiltrate sensitive data. When you unpack this statistic, it becomes rapidly clear that APIs interact with all types of data - including sensitive data like credit card information, health records, social security numbers, etc.

Attack automation becomes a prevalent threat against APIs
2023-05-16 13:00

In several high-profile incidents, application programming interfaces emerged as a primary attack vector, posing a new and significant threat to organizations' security posture, according to Cequence Security. "As attack automation becomes an increasingly prevalent threat against APIs, it's critical that organizations have the tools, knowledge and expertise to defend against them in real-time," Talwalkar added.

Bad bots are coming for APIs
2023-05-15 03:00

For the first time, mobile Safari was one of the leading self-reported user agents, while the volume of bots claiming to be mobile browsers increased 42.78%. In 2020 and 2021, bad bots became the pandemic of the internet as automation became more sophisticated. "Cybercriminals will increase their focus on attacking API endpoints and application business logic with sophisticated automation. As a result, the business disruption and financial impact associated with bad bots will become even more significant in the coming years," Triebes continued.