Managing the attack surface is one of the toughest challenges facing modern security teams. In today’s hybrid and multi-cloud environments, every application and API is a potential target that cybercriminals can and will exploit.
Today, CDN provider Akamai Technologies, Inc. released a new report revealing a 257% growth in web application and API attacks against financial services institutions year over year.
The same report also revealed that DDoS attacks against financial services institutions have increased by 22% year over year and that threat actors are using techniques in their phishing campaigns to circumvent two-factor authentication security solutions.
While the findings relate to financial services institutions, the report has broader implications for businesses and highlights that web applications and APIs will be a key target for cybercriminals going forward.
API attacks and growing attack surface
Akamai isn’t the only vendor to notice the growing trend of API attacks. A study published by Noname Security revealed that 41% of organizations had an API security incident in the past 12 months, with 63% involving a data breach or loss.
One of the main reasons for the high number of API exploits targeting enterprises and financial services institutions is that there is a large attack surface of web applications and APIs that most security teams don’t have the resources or expertise to protect.
“Companies have moved key infrastructure to APIs, so criminals are tracking revenue. But on top of that, APIs are newer and in many cases don’t have the same level of maturity in security processes and controls, so they are more vulnerable,” said Steve Winterfield, advisory CISO at Akamai.
“Finally, attacks are easier to automate because they are designed for automation. These factors combine to make APIs a smart place for attackers to focus. This is also why CISOs need to focus on them,” Winterfield said.
Work on API security
Organizations can take a number of steps to increase their resilience against API-based threats.
At a high level, Gartner recommends that organizations invest in technologies that automatically discover, catalog, and validate APIs, while developing a security strategy that incorporates API security testing and access control to APIs.
Increasing visibility into the internal and third-party APIs in use lets organizations begin mitigating potential vulnerabilities on the attack surface.
Additionally, Winterfield recommends that enterprises review their risk models to determine if they have classified appropriate fraud and customer threats based on this new data, while updating phishing defenses to counter the latest MFA attacks with FIDO2-compatible capabilities.
More generally, implementing industry best practices and processes, such as the Cyber Kill Chain and NIST’s Zero Trust Architecture (SP 800-207), can help build cyber resilience against the latest threats.