It is urgent for enterprises to protect API security

lately ,Imperva A new study was published , Revealing the vulnerable API Global costs are rising , Close to  117000  Analysis and estimation of specific network security events , Find out API  Security threats lead to  410-750  Billion dollars in losses .

From the results of the study , Large enterprises have  API  The proportion of relevant safety incidents is higher , The income is at least 1000 A billion dollar enterprise encounters API The possibility of safety problems is a problem for small and medium-sized enterprises 3-4 times . This data shows that , Large enterprises are accelerating their digital transformation , Particularly vulnerable and unprotected API Related safety risk impact .

API  As an invisible connecting organization , Enable applications to share data , Finally, the user experience is improved . Studies have shown that , At this stage , Enterprises use  API  The number is growing rapidly , Nearly half of the enterprises have deployed internally or publicly  50-500  individual  API, Some larger enterprises have even deployed more than  1000  Active API.

Many enterprises deploy API  It is directly connected to the back-end database storing sensitive data , therefore , Increasingly, cyber attackers will  API  As a way to access the underlying infrastructure , To steal sensitive information . Today, , Every time  13  In a network event , There is  1  Cause and effect API  Unsafe causes , With  API  The number has multiplied , Expected in the next few years , This proportion will continue to grow .

in addition , The study also found that there are great differences between industries , information technology 、 Industries such as professional services and retail are most likely to suffer from  API  Related security events .

Imperva  Senior vice president of product management 、 General manager of application security department  Karl Triebes  Express , If not solved API Strategies for security issues , Companies around the world will continue to lose huge amounts of money every year , To alleviate the growing API Related security threats , Enterprises need to be able to discover all of the... In their environment API And make it clear that the data is API  Flow trends .

Improve API Security advice ：

• Identify and classify flows through each API The data of ： Visibility is important for understanding every API The complete architecture of as well as the identification and classification of the data flowing through it in order to assess the risk is crucial ;
• Auto discovery ：API Is fast to generate and frequently modified , This makes them a blind spot for many organizations . Through automation , Organizations can eliminate “ ills ”API. Besides , Through automation API detailed list , The security team can clearly see that developers are modifying in production API The situation of ;
• Enable API government ： For entities in highly regulated industries ,API The governance model is crucial , Only when visibility exceeds API It is only possible when the end point extends to the underlying payload , Therefore, sensitive data can be fully protected .

Last ,Triebes  emphasize , Each and  API  The root cause of related security events is data , Protect API  We need to change our way of thinking , The point is to classify the data , Understand every... In production  API  How to access data , This approach requires the joint efforts of the security and development teams , Embed security in the development lifecycle .

Unfortunately , Before you do that , Cyber criminals will continue to take advantage of the fragile  API, Massive theft of sensitive data .

notes ： This article is collected from  helpnetsecurity.com, The producer is responsible for its integrity , But not responsible for its authenticity and effectiveness .

Reference article ：https://www.helpnetsecurity.com/2022/06/28/properly-securing-apis/