Why Organizations Struggle to Secure APIs
Security Boulevard, Monday, August 21,2023
API attacks are plaguing businesses. In The State of API Security in Q1 2023, Salt Security reported that '94% of respondents have experienced security problems in production APIs over the past year, with 17% having experienced an API-related breach.'
Add to that the fact that attackers are getting better at coming up with ways to fool security measures, with more than three-fourths of all attacks appearing to involve legitimate users because they are using stolen credentials.
These numbers emphasize something that many organizations already know: Securing APIs is hard. Until there is a deeper understanding of the reasons behind why API security is such a struggle, APIs will be vulnerable to attacks.
Multiple Factors Leading to Difficulty
There are multiple factors that make it difficult to secure APIs, including:
API Sprawl. Companies are building and deploying huge numbers of APIs at a rapid pace, yet there is too often a lack of API governance programs. Many organizations don't even have an accurate count of the APIs in their environment, explained Nick Rago, field CTO at Salt Security, in an email interview. If you don't know an API exists, you can't secure it, he added.