Managing the attack surface is one of the most difficult challenges facing modern security teams. In today's hybrid and multicloud environments, every single app and API is a potential target that cybercriminals can and will exploit.
Today, CDN provider Akamai Technologies, Inc., released a new report revealing a 257% growth in web application and API attacks on financial services institutions year-over-year.
The same report also found that DDoS attacks on financial services institutions increased by 22% year-over-year and that threat actors are using techniques in their phishing campaigns to bypass two-factor authentication solutions.
While the findings pertain to financial services institutions, the report has broader implications for enterprises and highlights that web apps and APIs are a core target for cybercriminals in the future.
API attacks and the growing attack surface
Akamai isn't the only vendor to have picked up on the growing trend of API attacks. Research released by Noname Security found that 41% of organizations had an API security incident in the last 12 months, 63% involving a data breach or data loss.
One of the main reasons for the high volume of API exploitation targeting enterprises and financial services institutions is that there is a vast attack surface of web applications and APIs that most security teams don't have the resources or expertise to protect.
“Companies have moved key infrastructure over to APIs, so the criminals are following the revenue. But on top of that, APIs are newer and, in many cases, don’t have the same level of maturity in security processes and controls, so are more vulnerable,” said Steve Winterfeld, advisory CISO at Akamai.
“Finally, they are easier to automate attacks against as they are designed for automation. These factors combine to make APIs a smart place for attackers to focus. This is also why CISOs need to focus on them,” Winterfeld said.
Working toward API security
There are a number of steps that enterprises can take to increase their resilience against API-driven threats.
At a high level, Gartner recommends that organizations invest in technologies to automatically discover, catalog and validate APIs, while developing a security strategy that incorporates API security testing and API access control.
Increasing transparency over what internal and third-party APIs are used ensures that enterprises are prepared to start mitigating potential vulnerabilities across the attack surface.
In addition, Winterfeld recommends enterprises review their threat models to determine if they have appropriate fraud and customer threats categorized based on this new data, while updating phishing defenses to counter the latest MFA attacks with FIDO2-compliant capabilities.
More broadly, implementing industry best practices and processes such as Cyber Kill Chain and NIST's 800-207 Zero Trust Architecture can help provide greater cyber resilience against the latest threats.