APIs are big business. Driven by app adoption, application programming interfaces (APIs) are expected to experience dramatic growth this year. According to Forrester research commissioned by Imperva, half (49%) of organizations have between 25 and 250 APIs published internally, and 60% have the same number of public APIs, with those numbers expected to increase this year.
About the Author
David Trump is Director of Cybersecurity Solutions at BOM IT Solutions.
APIs are considered essential to digitization, allowing applications, containers and microservices to exchange data and information quickly so that customers experience more convenience on their digital devices. In the same Imperva report, more than three-quarters (78%) of business leaders say APIs are important for keeping the business competitive, especially for connecting with customers (88%) and for improving data ownership and management (83%).
All of this is great for business productivity and performance, but the flip side is that this growth in APIs brings greater opportunities for cybercriminals.
In the last 12 months, 95% of companies had an API security incident, according to Salt Security figures, with API attack traffic growing by 681%. API vulnerabilities cost businesses up to $75 billion a year.
How Hackers Use APIs
In the past year alone, we have witnessed high-profile breaches where hackers have used API vulnerabilities as an effective method of attack. The Optus breach saw 2.1 million users’ personal information stolen, Twitter had the data of 5.4 million users exfiltrated, and Lego’s BrickLink API vulnerability, discovered by Salt Security, demonstrated the similarity of vulnerabilities inherent in open APIs.
As we become increasingly connected through digital media, APIs have become part of our daily communications. Once an attacker is inside, APIs act as a means to obtain business-critical information or to move laterally through the organizational network.
Attackers gain relatively easy access to an API through several techniques, some more sophisticated than others. Injection attacks, DDoS attacks, authentication hijacking and man-in-the-middle (MITM) attacks are the most common; however, a lack of good cybersecurity governance also greatly contributes to the problem.
For at least the past five years, shadow computing has been a real problem. In keeping with this trend, ghost APIs are becoming just as big an issue. The factors behind this are a lack of internal communication between development, network and security teams, as well as insufficient visibility across the corporate environment.
Individuals and departments need to do their jobs as efficiently as possible, but publishing APIs without security reviews or checks, combined with too much internal bureaucracy and governance, leads to employees regularly obtaining unauthorized software or third-party applications, leaving the doors open for cybercriminals to crawl through.
How to defend against API cyberattacks
To help keep these API doors firmly closed, there are steps companies can take.
API Framework
Above all, have a thorough understanding of your API infrastructure. Security hygiene is often overlooked, but it should be a regularly performed task to ensure that no misconfigurations or fixes have been missed. Patch management tools and vulnerability scanners can help overloaded security and network teams automate some of these tasks.
Applying a role-based access control policy is a simple way to limit an individual or group’s access to internal resources. You can do this through Zero Trust Network Access (ZTNA), where security teams can quickly apply controls that limit employees to certain internal assets, limiting them only to the data they need to do their jobs effectively.
Moving to a Zero Trust architecture limits movement and access to data. Many principles make up Zero Trust, but in its simplest form the philosophy is this: trust no device or connection on your network, and limit movement between devices and applications by implementing segmentation and authentication throughout every interaction. It works a bit like an onion, putting extra protections around and in each segment. Employee access can be further limited based on the individual’s geographic location, the device they are using, their internal permissions, and the data they are trying to acquire.
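The per-request decision described above can be sketched as a default-deny check over the four attributes the paragraph names (location, device, permissions, data). This is an added example, not code from the article or from any ZTNA product; the segment names, roles, countries and classification levels are constructed assumptions.

```python
from dataclasses import dataclass

# Constructed policy: each segment lists exactly who may reach it.
# A resource that is not listed here is denied (default deny).
POLICY = {
    "payroll-api": {
        "roles": {"hr", "finance"},
        "countries": {"GB", "IE"},
        "ceiling": {"hr": "confidential", "finance": "restricted"},
        "managed_device_only": True,
    },
    "wiki": {
        "roles": {"hr", "finance", "engineering"},
        "countries": {"GB", "IE", "DE"},
        "ceiling": {"hr": "internal", "finance": "internal",
                    "engineering": "internal"},
        "managed_device_only": False,
    },
}
LEVELS = ["public", "internal", "confidential", "restricted"]

@dataclass(frozen=True)
class Request:
    role: str
    country: str
    device_managed: bool
    resource: str
    classification: str  # sensitivity of the data being requested

def decide(req):
    """Return (allowed, reasons); meant to run on every request, not once per session."""
    rule = POLICY.get(req.resource)
    if rule is None:
        return False, ["resource not in any segment"]
    reasons = []
    if req.role not in rule["roles"]:
        reasons.append("role not permitted")
    if req.country not in rule["countries"]:
        reasons.append("location not permitted")
    if rule["managed_device_only"] and not req.device_managed:
        reasons.append("unmanaged device")
    ceiling = rule["ceiling"].get(req.role)
    if req.classification not in LEVELS:
        reasons.append("unknown data classification")
    elif ceiling is None or LEVELS.index(req.classification) > LEVELS.index(ceiling):
        reasons.append("data above clearance")
    return (not reasons), reasons
```

Returning every failed condition, rather than stopping at the first, gives the audit log the full reason a request was refused.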
Visibility
Second, visibility is a given – you can’t defend against what you can’t see and you can’t act on vulnerabilities unless you understand what’s connected and communicating in your network. Network detection and response (NDR) platforms provide excellent insight into network assets and communication patterns between systems and users. Add machine learning and you can quickly identify any anomaly or harmful behavior to take quick and appropriate action.
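One low-tech way to get this visibility for the ghost APIs mentioned earlier is to reconcile what the gateway actually serves against the inventory the security team has reviewed. The following is an added example, not the article's or any vendor's code; the inventory, the log lines and the `{id}` normalisation rule are constructed assumptions.

```python
import re
from collections import Counter

# Constructed inventory: the (method, route) pairs that have been security-reviewed.
INVENTORY = {
    ("GET", "/v1/orders/{id}"),
    ("POST", "/v1/orders"),
    ("GET", "/v1/customers/{id}"),
}

# Constructed gateway access log (common log format).
SAMPLE_LOG = """\
10.0.0.5 - - [01/Mar/2023:10:00:01 +0000] "GET /v1/orders/1842 HTTP/1.1" 200 512
10.0.0.5 - - [01/Mar/2023:10:00:02 +0000] "POST /v1/orders HTTP/1.1" 201 88
10.0.0.9 - - [01/Mar/2023:10:00:03 +0000] "GET /v1/customers/77?fields=email HTTP/1.1" 200 240
10.0.0.7 - - [01/Mar/2023:10:00:04 +0000] "GET /internal/export/customers HTTP/1.1" 200 904511
10.0.0.7 - - [01/Mar/2023:10:00:05 +0000] "GET /internal/export/customers HTTP/1.1" 200 904498
10.0.0.8 - - [01/Mar/2023:10:00:06 +0000] "DELETE /v1/orders/1842 HTTP/1.1" 204 0
10.0.0.8 - - [01/Mar/2023:10:00:07 +0000] "GET /v0/orders/9f1c2a44-0d3e-4b6a-9c1e-2f7a8b9c0d1e HTTP/1.1" 200 512
10.0.0.6 - - [01/Mar/2023:10:00:08 +0000] "GET /v1/unknown HTTP/1.1" 404 0
not a log line
"""

REQUEST = re.compile(r'"([A-Z]+) (\S+) HTTP/[\d.]+" (\d{3}) ')
ID_SEGMENT = re.compile(r"^(\d+|[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12})$")

def route_template(path):
    """Drop the query string and replace numeric or UUID path segments with {id}."""
    path = path.split("?", 1)[0]
    return "/".join("{id}" if ID_SEGMENT.match(s) else s for s in path.split("/"))

def find_unlisted(log_text, inventory):
    """Count served requests whose (method, route) pair is missing from the inventory."""
    hits = Counter()
    for line in log_text.splitlines():
        m = REQUEST.search(line)
        if not m:
            continue  # malformed line: skip rather than guess
        method, path, status = m.group(1), m.group(2), int(m.group(3))
        if status >= 400:
            continue  # only count routes the backend actually answered
        key = (method, route_template(path))
        if key not in inventory:
            hits[key] += 1
    return dict(hits)
```

On the sample log this surfaces an unreviewed export route, an old `/v0` version still answering, and a `DELETE` method that was never published for a known route.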
Team collaboration
Ensuring your SecOps team partners with your DevOps team is key to integrating automated security testing tools and the benefits of machine learning to differentiate normal API behavior from malicious traffic.
And of course, there are specific tools that can be deployed to monitor and control code developed by DevOps teams before it is pushed into the production environment. These systems are controlled and monitored by security, but it is important to give flexibility to DevOps by providing predefined secure code templates or analyzing the code before it is released. These systems can also analyze API-connecting dependencies to ensure secure connections between containers, operating systems, and applications before allowing traffic to flow.
Cyber security is constantly evolving, and so are the threats we face, with APIs now at the top of the list of attack methods. It is important for security teams to understand in detail the enterprise infrastructure and associated threats in their industry to guide them in making the most informed decisions based on their technology and knowledge gaps. The only way to reduce our risk is to apply a layered approach.