 |
VOOZH | about |
|
VOOZH | about |
We’re so glad you’re here. You can expect all the best TNS content to arrive Monday through Friday to keep you on top of the news and at the top of your game.
Check your inbox for a confirmation email where you can adjust your preferences and even join additional groups.
Follow TNS on your favorite social media networks.
Become a TNS follower on LinkedIn.
Check out the latest featured and trending stories while you wait for your first TNS newsletter.
Cyberwar gets the headlines, but the exposure of personally identifiable information (PII) via APIs is just as menacing for most companies. More often than even stopping attacks, identifying which APIs expose PII or sensitive data is named as an important attribute desired in an API security platform according to Salt Security‘s latest State of API Security report.
While stopping an attack is always a top priority, people realize that proactively addressing vulnerabilities and exploits is easier said than done.
According to Salt Labs’ data, the volume of attacks on APIs grew at twice the rate of the already red-hot increasing overall API usage. Yet, in the face of these attacks, our biggest takeaway is that 30% of the 250+ survey respondents said they had an API-related problem with “sensitive data exposure/privacy incidents”, up from just 19% in Salt Security’s Q3 2021 study. In sharp contrast, API security problems due to “vulnerabilities” and “authentication” dropped from 55% to 39% and 48% to 32% respectively.
The decline in authentication problems may have declined because of technology adoption, but 94% of the exploited APIs Salt Labs’ studied were against authenticated APIs. Furthermore, according to its customer data, 91% of APIs expose PII or personal data.
Documenting what APIs you have and what data they expose goes a long way towards addressing privacy concerns. Many people think they’ve come a long way in the last two years, but they may be overconfident. When the first State of API Security was published, 55% were somewhat or very confident that API inventory was complete; that jumped to 72% in the latest study. When asked if these API inventories API inventory provide enough details, like about exposure to sensitive data, 75% now are at least somewhat confident, up from 61% a year ago.
When Salt Security actually engages with prospects and customers, the company at a minimum identifies 40% more APIs than previously known about. Forty-three percent were realistic enough to say that their biggest API security concern is “zombie” or outdated APIs.
Exposure of sensitive information is not a new problem, but the prominence of API-first companies makes the issue more important than ever. In this re-imagined world, APIs may work as they were designed to, but when 50 million LinkedIn records are exposed, that just sounds like an excuse. Michelle McLean, Salt Security’s VP of Marketing, told The New Stack that while data exfiltration is clearly not a new problem, the mechanism of manipulating APIs is entirely new.
When thinking about what they need from an API security platform, 81% rank identifying which APIs expose PII or sensitive data as 4 (important) or 5 (highly important), while 65% rate that “stopping attacks” way. Source: Salt Security’s State of API Security – Q1 2022
