APIs (Application Programming Interfaces) are a critical driver of the digital economy. Observers predicted that Nvidia’s recently launched Omniverse Cloud APIs will propel new digital twin software tools that will supercharge design, simulation and operation processes. However, with digital advancements such as this, there are always significant security considerations.
APIs, while indispensable, have become one of cybercriminals’ favourite vectors for account takeover attacks. Credential stuffing, business logic abuse, and DDoS attacks are just some of the malicious automated bot attacks deployed to take over accounts and perpetrate identity theft and fraud. The ease with which these attacks can be mounted, thanks to widely available tools and scripts, underscores the inadequacy of traditional defence mechanisms in addressing the modern threat landscape.
In fact, our recent research study revealed that 84% of respondents admitted to not having advanced API security in place. Meanwhile, only 14% of companies surveyed viewed using AI technologies in API security as a priority. Furthermore, sectors with stringent regulatory requirements, such as finance and insurance, reported a lack of sufficient resources to effectively detect API threats. So, what do organisations need to do to improve the security of their APIs?
Prioritising API Security as a Strategic Objective
Elevating the importance of API security within an organisation is imperative. We know that the majority of companies (95%) have experienced API security problems in the last 12 months, so recognising the need for a strategy – because of how ubiquitous this risk is – is a crucial first step towards this goal.
‘Insufficient budget’ and a ‘lack of expertise’ are the most common reasons for a lack of action on developing a comprehensive strategy. This is surprising given that the reputational and operational cost of a breach far outweighs the price of deploying a consolidated web application and API security solution.
Therefore, organisations need to realign their strategic objectives by adopting comprehensive security strategies that go beyond conventional measures and protect their digital assets effectively. This means not just preparing for current threats but also anticipating future risks, and having adaptable services that allow organisations to react to them.
Consolidated Security Solutions: Streamlining Protection
The first step in reinforcing defences is, where it makes sense, to integrate web application and API security solutions from a single provider. This consolidated approach ensures a seamless security process across all digital touchpoints, reducing the complexity and potential gaps that could be exploited by attackers.
Using a single provider brings multiple benefits and efficiencies. These include a reduction in the complexity and workload associated with managing multiple security systems, as well as enhanced threat visibility and decision-making. In addition, a unified solution facilitates integration with existing IT infrastructure, which can lead to a more streamlined and operationally efficient way to manage and mitigate risk.
It’s crucial for companies to evaluate potential providers carefully, ensuring that they offer comprehensive and adaptable solutions that meet their security requirements without creating additional silos.
The Role of AI in API Security Enhancement
Incorporating AI-based tools into a business’s security arsenal could be a step forward in tackling the complexity of the API threat landscape. Our report found that 58% of security professionals anticipate that generative AI will have a ‘large or very large’ impact on API security in the next 2-3 years. This expectation increases to 75% among financial institutions and insurers.
Investigating AI-based tools for API security offers a promising pathway to strengthening defences. AI and machine learning algorithms can sift through extensive data sets to identify complex patterns and anomalies that may indicate cyber threats. This improves the accuracy and timeliness of threat detection through AI’s ability to uncover previously unknown attacks. What’s more, the enhanced ability to forecast potential security issues can empower organisations to take more preventative measures against risks and better anticipate future challenges.
That said, there is unfortunately little enthusiasm for this. Only 14% of the individuals surveyed regarded the use of AI technologies in API security as a top priority. While the potential of AI to enhance API security is significant, concerns about the accuracy, complexity and management of AI systems persist. Organisations need to stay agile, continuously updating their AI security tools to effectively combat evolving cyber threats.
Elevating API Security
APIs are fundamental to the digital economy, making their security paramount for businesses. Fortunately, the means to enhance API security are available and accessible. By prioritising API security, leveraging consolidated security solutions and exploring AI’s potential, companies can protect their digital assets more effectively. As we move forward, it’s essential to focus not only on driving innovation but also on ensuring the security of the digital infrastructure that supports it.
Jay Coley is the Senior Security Architect for Fastly in EMEA. After spending time in the US Military, he started his security career at Prolexic Technologies - the first full cloud DDoS mitigation platform. He then worked in various roles at Akamai Technologies and more recently Trend Micro. Jay Coley brings over 25 years of security experience to Fastly, where his role is to increase industry focus and visibility on the Fastly Edge platform.