Attacks against APIs for financial services and web applications increase by 257%

by Janice Allen

Managing the attack surface is one of the most difficult challenges for modern security teams. In today’s hybrid and multi-cloud environments, every single app and API is a potential target that cybercriminals can and do exploit.

Today, CDN provider Akamai Technologies Inc. released a new report revealing 257% year-over-year growth in web application and API attacks against financial services firms.

The same report also found that DDoS attacks against financial services companies increased by 22 percent year over year and that threat actors are using techniques in their phishing campaigns to evade two-factor authentication solutions.

While the findings pertain to financial services companies, the report has broader implications for enterprises and highlights that web apps and APIs will be a prime target for cybercriminals in the future.

API attacks and the growing attack surface

Akamai isn’t the only vendor to pick up on the growing trend of API attacks. Research released by Noname Security found that 41% of organizations had an API security incident in the last 12 months, 63% of which involved a data breach or data loss.

One of the main reasons for the high level of API exploitation targeting enterprises and financial services is that there is a huge attack surface of web applications and APIs that most security teams lack the resources or expertise to protect.

“Companies have moved key infrastructure to APIs, so the criminals follow the revenue. But on top of that, APIs are newer and in many cases don’t have the same level of maturity in security processes and controls, so they’re more vulnerable,” said Steve Winterfeld, consulting CISO at Akamai.

“Finally, they are easier to automate attacks against because they are designed for automation. These factors combine to make APIs a smart place for attackers to focus. This is also why CISOs should focus on that,” said Winterfeld.

Working on API security

There are a number of steps enterprises can take to increase their resilience to API-driven threats.

On a high level, Gartner recommends that organizations invest in technologies to automatically discover, catalog and validate APIs while developing a security strategy that includes API security testing and API access control.

Greater visibility into which internal and external APIs are in use ensures that enterprises are able to mitigate potential vulnerabilities across the attack surface.

In addition, Winterfeld recommends that companies review their risk models to determine whether they have correctly categorized fraud and customer threats based on this new data, while updating phishing defenses with FIDO2-compliant capabilities to counter the latest MFA attacks.

More generally, implementing industry best practices and processes such as the Cyber Kill Chain and NIST’s 800-207 Zero Trust Architecture can help provide greater cyber resilience against the latest threats.
