Tech

Financial services API and web application attacks increased by 257%


Check out the on-demand sessions from Low-Code/No-Code Summit to learn how to innovate successfully and achieve efficiency by upskilling and scaling citizen developers. Watch now.


Attack surface management is one of the toughest challenges facing modern security teams. In today’s hybrid and multi-cloud environment, every single application and API is a potential target that cybercriminals can and will exploit.

Today, CDN . providers Akamai Technology, Inc. released a new report revealing a 257% growth in API and web application attacks on financial services institutions year on year.

The same report also found that DDoS attacks against financial services institutions increased by 22% year over year and found that threat actors are using the techniques in phishing campaigns. their to bypass two-factor authentication solutions.

While the findings are relevant to financial services organizations, the report has broader implications for businesses and highlights that web applications and APIs are a core target of future cybercriminals. .

Incident

Smart Security Summit

Learn the critical role of AI & ML in cybersecurity and industry-specific case studies on December 8. Register your free ticket today.

Register now

Increasing API attacks and attack surface

Akamai isn’t the only vendor catching up with the growing trend of API attacks. Research released by Noname Security found that 41% of organizations experienced an API security issue in the last 12 months, 63% related to a data breach or data loss.

One of the main reasons why the high number of API exploits targeting financial services businesses and institutions is that there is a vast attack surface of web applications and APIs that most security teams cannot afford. no resources or expertise to defend.

“Companies have moved critical infrastructure to APIS, so criminals are tracking revenue. But on top of that, the APIs are newer and, in many cases, don’t have the same maturity level in security controls and processes, so are more vulnerable,” said CISO Advisor at Akamai, Steve Winterfield. .

“Ultimately, they are easier to automate attacks because they are designed for automation. These factors come together to make the API a smart place for attackers to focus. This is also why CISOs need to focus on them,” says Winterfield.

Towards API security

There are several steps businesses can take to increase their resilience to API threats.

At a high level, Gartner recommends that organizations invest in technology to automate API discovery, cataloging, and validation, and develop a security strategy that combines API security testing and API access control.

Increased transparency over which internal and third-party APIs are used ensures that businesses can start mitigating potential vulnerabilities on the attack surface.

Additionally, Winterfield recommends that businesses review their risk models to determine if they are classifying customer threats and fraud appropriately based on this new data, and update Phishing prevention measures to combat the latest MFA attacks with FIDO2 compliance capabilities.

More broadly, implementing industry best practices and processes such as Online murder chain and NIST’s Zero Trust 800-207 Architecture can help provide greater cyber resilience to the latest threats.

VentureBeat’s Mission is to become a digital city square for technical decision-makers to gain knowledge of transformative and transactional enterprise technology. Explore our Briefings.

goznews

Goz News: Update the world's latest breaking news online of the day, breaking news, politics, society today, international mainstream news .Updated news 24/7: Entertainment, Sports...at the World everyday world. Hot news, images, video clips that are updated quickly and reliably.

Related Articles

Back to top button