Managing the attack surface is one of the most difficult challenges facing modern security teams. In today's hybrid and multicloud environments, every single app and API is a potential target that cybercriminals can and will exploit.
Today, CDN provider Akamai Technologies, Inc., released a new report revealing a 257% growth in web application and API attacks on financial services institutions year-over-year.
The same report also found that DDoS attacks on financial services institutions increased by 22% year-over-year, and that threat actors are using techniques in their phishing campaigns to bypass two-factor authentication solutions.
While the findings pertain to financial services institutions, the report has broader implications for enterprises and highlights that web apps and APIs will be a core target for cybercriminals in the future.
API attacks and the growing attack surface
Akamai isn't the only vendor to have picked up on the growing trend of API attacks. Research released by Noname Security found that 41% of organizations had an API security incident in the last 12 months, 63% of which involved a data breach or data loss.
One of the main reasons for the high volume of API exploitation targeting enterprises and financial services institutions is that there is a vast attack surface of web applications and APIs that most security teams don't have the resources or expertise to protect.
"Companies have moved key infrastructure over to APIs, so the criminals are following the money. But on top of that, APIs are newer and, in many cases, don't have the same level of maturity in security processes and controls, so are more vulnerable," said Steve Winterfeld, advisory CISO at Akamai.
"Finally, they're easier to automate attacks against as they're designed for automation. These factors combine to make APIs a smart place for attackers to focus. This is also why CISOs need to focus on them," Winterfeld said.
Practicing API security
There are a number of steps that enterprises can take to increase their resilience against API-driven threats.
At a high level, Gartner recommends that organizations invest in technologies to automatically discover, catalog and validate APIs, while developing a security strategy that incorporates API security testing and API access control.
Increasing transparency over which internal and third-party APIs are in use ensures that enterprises are in a position to start mitigating potential vulnerabilities across the attack surface.
In addition, Winterfeld recommends that enterprises review their risk models to determine whether they have appropriately categorized fraud and customer threats based on this new data, while updating phishing defenses to counter the latest MFA attacks with FIDO2-compliant capabilities.
More broadly, implementing industry best practices and processes such as the Cyber Kill Chain and NIST's 800-207 Zero Trust Architecture can help provide greater cyber resilience against the latest threats.