One Article Review

The article:
Source AlienVault Lab Blog
Identifier 8391785
Publication date 2023-10-05 10:00:00 (seen: 2023-10-05 10:06:38)
Title Gartner predicted APIs would be the #1 attack vector - Two years later, is it true?
Text The content of this post is solely the responsibility of the author. AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article.

Over the last few years, APIs have rapidly become a core strategic element for businesses that want to scale and succeed within their industries. In fact, according to recent research, 97% of enterprise leaders believe that successfully executing an API strategy is essential to ensuring their organization’s growth and revenue. This shift has led to a massive proliferation in APIs, with businesses relying on hundreds or even thousands of APIs to provide their technology offerings, enhance their products, and leverage data from various sources.

However, with this growth, businesses have opened the door to increased risk. In 2021, Gartner predicted that APIs would become the top attack vector. Now, two years and a number of notable breaches via APIs later, it’s hard (or rather, impossible) to dispute this.

The security trends shaping the API landscape

One of the biggest threat vectors when it comes to APIs is that they are notoriously hard to secure. The API ecosystem is constantly evolving, with enterprises producing huge numbers of APIs in a way that’s outpacing the maturity of network and application security tools. Many new APIs are created on emerging platforms and architectures and hosted on various cloud environments. This makes traditional security measures like web application firewalls and API gateways ineffective as they can’t meet the unique security requirements of APIs.

For bad actors, the lack of available security measures for APIs means that they are easier to compromise than other technologies that rely on traditional (and secure) architectures and environments. Given that so many businesses have made such a large investment in their API ecosystem and have made APIs so core to their operations, an attack on an API can actually be quite impactful. As such, if a cybercriminal gets access to an API that handles sensitive data, they could do quite a bit of financial and reputational damage.

At the same time, many businesses have limited visibility into their API inventory. This means there could be numerous unmanaged and “invisible” APIs within a company’s environment, and these make it increasingly difficult for security teams to understand the full scope of the attack surface, see where sensitive data is exposed, and properly align protections to prevent misuse and attacks.

In light of these trends, it’s no surprise then that Salt Security recently reported a 400% increase in API attacks in the few months leading to December 2022. Unfortunately, ensuring that APIs are secured with authentication mechanisms is not enough to deter bad actors. Data shows that 78% of these attacks came from seemingly legitimate users who somehow were able to maliciously achieve proper authentication.

At a more granular level, 94% of the report’s respondents had a security issue with their production APIs in the last year. A significant 41% cited vulnerabilities, and 40% noted that they had authentication problems. In addition, 31% experienced sensitive data exposure or a privacy incident — and with the average cost of a data breach currently at $4.45 million, this poses a significant financial risk. Relatedly, 17% of respondents experie
Sent Yes
Tags Data Breach Tool Threat Cloud
Stories
Rating ★★


The article does not appear to have been picked up after its publication.


The article does not appear to be a repost of an earlier one.