Attack surface management is one of the toughest challenges facing modern security teams. In today’s hybrid and multi-cloud environment, every single application and API is a potential target that cybercriminals can and will exploit.
Today, CDN provider Akamai Technologies, Inc. released a new report revealing a 257% growth in API and web application attacks on financial services institutions year on year.
The same report also found that DDoS attacks against financial services institutions increased by 22% year over year, and that threat actors are using techniques in their phishing campaigns to bypass two-factor authentication solutions.
While the findings are relevant to financial services organizations, the report has broader implications for businesses and highlights that web applications and APIs are a core target of future cybercriminals.
Increasing API attacks and attack surface
Akamai isn’t the only vendor picking up on the growing trend of API attacks. Research released by Noname Security found that 41% of organizations experienced an API security issue in the last 12 months, with 63% related to a data breach or data loss.
One of the main reasons for the high number of API exploits targeting financial services businesses and institutions is that there is a vast attack surface of web applications and APIs that most security teams do not have the resources or expertise to defend.
“Companies have moved critical infrastructure to APIs, so criminals are tracking revenue. But on top of that, the APIs are newer and, in many cases, don’t have the same maturity level in security controls and processes, so are more vulnerable,” said Steve Winterfield, CISO Advisor at Akamai.
“Ultimately, they are easier to automate attacks against because they are designed for automation. These factors come together to make the API a smart place for attackers to focus. This is also why CISOs need to focus on them,” says Winterfield.
Towards API security
There are several steps businesses can take to increase their resilience to API threats.
At a high level, Gartner recommends that organizations invest in technology to automate API discovery, cataloging, and validation, and develop a security strategy that combines API security testing and API access control.
Increased transparency over which internal and third-party APIs are used ensures that businesses can start mitigating potential vulnerabilities on the attack surface.
Additionally, Winterfield recommends that businesses review their risk models to determine if they are classifying customer threats and fraud appropriately based on this new data, and update phishing prevention measures to combat the latest MFA attacks with FIDO2-compliant capabilities.
More broadly, implementing industry best practices and processes such as the Cyber Kill Chain and NIST’s Zero Trust Architecture (SP 800-207) can help provide greater cyber resilience to the latest threats.