More than eight-in-ten UK organizations experienced an API attack last year, according to new research, and it’s costing them a fortune to remediate.
Analysis from Akamai found that the share of organizations reporting API-related attacks soared from 69% in 2023 to 83% this year, and the situation’s worse when it comes to the UK’s critical infrastructure.
The study noted that 94.1% of government and public sector organizations were affected by API security incidents over the last year. The figure is almost as high for the financial services industry (92%) and for healthcare (90%).
Despite surging attack rates, Akamai found that only 13% of US and UK-based respondents were actively testing APIs in real time. This, the study found, marks a decrease in testing rates compared to the year prior.
Meanwhile, oversight of sensitive data is falling too, with only 28.5% of UK enterprises with full API inventories knowing which APIs return sensitive data.
That’s down from 40% in 2023, though still more than the average global figure of 27%.
Similarly, respondents reckoned that the traditional tools they’ve relied on to protect APIs, such as web application firewalls (WAFs), API gateways, and network firewalls, don’t fully cover risk. These tools are often the first to be blamed for an attack’s success.
“Our research shows that API security has yet to become a key element in a comprehensive security strategy,” said Richard Meeus, director of security technology and strategy, EMEA, at Akamai.
“Organizations mostly treat API threats as emerging, when the attack data — as well as the financial impact and stress on security teams — shows they keep growing.”
The average cost for UK organizations addressing API incidents over the past 12 months stands at £420,103, according to Akamai. This covers system repairs, downtime, legal fees, fines, and other associated expenses.
UK respondents specifically called out the other impacts of API incidents, with 31.2% saying they had led to increased stress or pressure. Across the board, respondents ranked the heightened stress and pressure notably higher than the monetary costs.
In total, there were 108 billion API attacks between January 2023 and June 2024, with the average API breach leading to at least ten times as much leaked data as the average security breach.
Attacks are also increasing, with recent Akamai research showing that web application and API attacks together rose by 49% between 2023 and 2024.
“Our study confirms that security teams are overstretched, and that the notion of adding a whole new attack vector to your team’s workload might seem daunting,” wrote the researchers.
“But the proliferation of APIs is not going to let up, and taking steps to secure your APIs has a strong ripple effect on several other high priorities, such as GenAI vulnerabilities (to protect the APIs that exchange data with LLMs) and cloud security (to reduce risk in every API included in the workloads you migrate).”