Over the past six months, overall API traffic has grown 141%, but over the same period, API attack traffic has grown an astonishing 348%.
This Salt Security report reveals significant API security challenges: all Salt customers experienced API attacks, security is at the top of the list of concerns for API programs, and very few respondents feel confident in their ability to identify and stop API attacks.
“APIs and the valuable data they access are the linchpins of today’s data-centric and application-centric economy. APIs remain one of the most vulnerable parts of any organization’s application or software stack. Anecdotally, we know that we find critical API security vulnerabilities in the APIs of 90% of the prospects we support. This report quantifies these anecdotal findings, highlighting the API security risks businesses face on a daily basis. API adoption and traffic have accelerated, as have security risks. APIs are meant to foster innovation, not stifle it, as we see in this report,” says Roey Eliyahu, co-founder and CEO of Salt Security.
Organizations rely on APIs for a wide range of business-critical initiatives: 61% of survey respondents use APIs for platform or system integration, 52% to drive digital transformation, and 47% to standardize or improve the efficiency of application and software development. However, 64% of respondents say they are delaying application deployment due to API security concerns.
All of the organizations surveyed have dozens of APIs in production, but only 39% have more than a basic security policy for their API program, and more than a quarter have no policy. When asked what prevents them from creating a solid plan, 30% cite lack of resources/staff and 24% cite budget constraints.
Among other findings, 40% of respondents cite the risk of “zombie” APIs as their main concern. 85% of respondents doubt the completeness of their API inventory, and 85% are unsure of which APIs expose sensitive data. 55% of respondents consider runtime protection the top priority in API security and the most valued attribute of an API security platform.