DDoS and Botnet Attacks Remain Biggest Threat to API Security: Survey

Application Program Interface, or API, are fundamental to any electronic handshake by providing users with the means to access digital services, devices and more. Their ubiquity and relevance in today’s digital world also brings significant security risks.

According to a new survey by cybersecurity firm Imperva, some 69% of companies have public-facing APIs offering access to sensitive data behind their applications. The study revealed nearly 80% of organizations opting to use a public cloud service to protect the data behind their APIs, using a combination of API gateways and application firewalls (63.2% each). When the companies were asked about their biggest threats, 63% of respondents revealed their biggest concerns: DDoS attacks, botnet attacks and authentication enforcement for APIs.

In essence, over two-thirds of surveyed companies are exposing their APIs to the public and their partners while organizations on average are managing some 363 different APIs.

“APIs represent a growing security risk because they expose multiple avenues for hackers to try to access a company’s data,” stated Terry Ray, CTO for Imperva. “To close the door on security risks and protect their customers, companies need to treat APIs with the same level of protection that they provide for their business-critical web applications.”

DevSecOps, a combination of development, security and operations, sees optimism from nearly 92% of IT professionals who believe it will lead to the future of application development. This directly relates to a proactive desire from organizations for security to be added as a layer on top of the software development from its very beginning.

Ray added:

Cybercrime is pervasive, and it is vital that organizations keep their applications safe from hackers. Embracing DevSecOps provides organizations with the building blocks needed for defense against some of the most serious cybersecurity threats

Image credit: LIFARS Archive.